===============================================================================

Additional configuration is required if you wish to use auditdistd:

On the receiver, perform the following:

1. Generate a certificate:
# openssl req -x509 -nodes -newkey rsa:4096 -days 1825 -batch \
	-out /etc/security/auditdistd.cert.pem \
	-keyout /etc/security/auditdistd.key.pem
# chmod 0600 /etc/security/auditdistd.key.pem /etc/security/auditdistd.cert.pem
# chown root:wheel /etc/security/auditdistd.key.pem /etc/security/auditdistd.cert.pem

2. Print out the public key's fingerprint:
# openssl x509 -in /etc/security/auditdistd.cert.pem -noout -fingerprint -sha256 | \
        awk -F '[ =]' '{printf("%s=%s\n", $1, $3)}'
SHA256=8F:0A:FC:8A:3D:09:80:AF:D9:AA:38:CC:8A:86:53:E6:8F:B6:1C:55:30...

3. Generate a password used to authenticate both hosts against eachother:
# dd if=/dev/urandom bs=32 count=1 | openssl base64 | cut -b -32
YjwbK69H5cEBlhcT+eJpJgJTFn5B2SrG

4. Create /etc/security/auditdistd.conf configuration file:
receiver {
	host "<enter hostname of sender here> {
		remote "tls://<enter IP of sender here>"
		password "<enter password generated above here>"
	}
}

5. Update permissions on the auditdistd configuration file and create directory:
# chmod 600 /etc/security/auditdistd.conf
# chown root:wheel /etc/security/auditdistd.conf
# mkdir -m 700 /var/audit/remote ; chown auditdistd:wheel /var/audit/remote

6. Add the following to /etc/rc.conf:
auditdistd_enable="YES"

7. Start auditdistd:
service auditdistd start

===============================================================================

On the sender, perform the following:

1. Ensure your kernel is compiled with:
options		AUDIT

2. Add the following to /etc/rc.conf:
auditd_enable="YES"
auditd_program="%%PREFIX%%/sbin/auditd"
auditdistd_enable="YES"

3. Add the following to /etc/security/audit_control:
dist:on

4. Create /etc/security/auditdistd.conf configuration file:
sender {
	host "<enter hostname of receiver here>" {
		remote "tls://<enter IP of the receiver here>"
		fingerprint "SHA256=8F:0A:FC:8A:3D:09:80:AF:D9:AA:38:CC:8A:86:..."
		password "<enter password generated above here>"
	}
}

5. Create the required directories:
# mkdir -m 0770 /var/audit/dist ; chown auditdistd:audit /var/audit/dist

6. Start the required daemons:
service auditd start && service auditdistd start

Additional information regarding auditdistd may be found on the OpenBSM wiki:
https://wiki.freebsd.org/auditdistd
===============================================================================