Why can't I run ausearch (part of auditd) remotely over SSH?
Since you log on as a normal user you might not have /sbin in your $PATH, which means that ausearch might not be found. To try this, specify /sbin/ausearch manually in your command line. For some commands you also require ssh to acquire a tty; you accomplish this with the -t flag, so to try this out, type:
ssh -t myserver "sudo /sbin/ausearch -k my_key"
To fully emulate a logged in session you can also call sudo with the -i flag, and then you can probably omit the /sbin (since it worked in your logged in session), like this:
ssh -t myserver "sudo -i ausearch -k my_key"
Instead of the -t option to SSH, try adding --input-logs to the command (see the man page)
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1032706#c13
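
The two answers above address the same condition from different sides: ausearch treats a piped stdin as its event source, and a command started by ssh without -t typically has a pipe on stdin rather than a terminal. The sketch below is an added example, not part of either answer; the function names stdin_kind and ausearch_args are hypothetical, and my_key is the key from the commands above.

```shell
#!/bin/sh
# Added illustration: classify stdin the way a non-interactive job sees it,
# then choose ausearch arguments that cannot be diverted to stdin.
# Function names are hypothetical helpers, not part of the audit tools.

# Report what file descriptor 0 is attached to.
stdin_kind() {
    if [ -t 0 ]; then
        echo tty        # interactive login, or ssh -t
    elif [ -p /dev/stdin ]; then
        echo pipe       # typical for ssh without -t, or a shell pipeline
    else
        echo other      # e.g. /dev/null under cron or a service manager
    fi
}

# Print the ausearch arguments for an audit key.
# With a terminal on stdin, ausearch searches the audit logs on its own.
# Otherwise --input-logs pins it to the log location from auditd.conf.
ausearch_args() {
    key=$1
    case "$(stdin_kind)" in
        tty) printf '%s\n' "-k $key" ;;
        *)   printf '%s\n' "--input-logs -k $key" ;;
    esac
}

# Show what this invocation would run (nothing is executed here).
printf 'stdin is a %s; would run: /sbin/ausearch %s\n' \
    "$(stdin_kind)" "$(ausearch_args my_key)"
```

Running this through ssh with and without -t shows the stdin type change, which is the difference between the failing and working invocations.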