audisp-remote options stopped working?

LC Bruzenak lenny at magitekltd.com
Thu Jul 23 21:57:35 UTC 2009


F10, audit-1.7.13-1.fc10.x86_64

Previously I noted that if the network_failure_action = halt it would
behave as noted in the audisp-remote.conf man page.

I see that it does not halt now. I tried the "stop" option for the
audisp-remote.conf and it does not stop either.

I have the same default settings as before for the retry parameters:
transport = tcp
mode = immediate
queue_depth = 20
format = managed
network_retry_time = 1
max_tries_per_record = 3
max_time_per_record = 5

network_failure_action = stop

I disconnected my ethernet cable, waited 1 minute then reconnected.
Sent in a couple events with "auditctl -m" on the sender.
Sent in another "auditctl -m" after plugging the cable back in.
They all came out on the collector.

Great recovery; not what I wanted.
Any ideas? 

Thx,
LCB.

-- 
LC (Lenny) Bruzenak
lenny at magitekltd.com



