[PATCH] Add auditd listener and remote audit protocol
LC Bruzenak
lenny at magitekltd.com
Fri Aug 15 00:31:35 UTC 2008
On Thu, 2008-08-14 at 20:27 -0400, Steve Grubb wrote:
> On Thursday 14 August 2008 20:22:24 LC Bruzenak wrote:
> > I think you have a good point - this is the first cut and maybe later on
> > institute a "replay daemon" or something which can send events on
> > reconnect.
>
> Note that all audispd plugins take their input from stdin. At the worst, if
> you had the time hacks, you could
>
> ausearch --start <time> --end <time> --raw | /sbin.audisp-remote
>
> -Steve
I like that idea too.
Since we get an ACK on delivery it can probably be automated at some
point I'd guess.
Thx,
LCB.
--
LC (Lenny) Bruzenak
lenny at magitekltd.com
More information about the Linux-audit
mailing list