[PATCH] Add auditd listener and remote audit protocol
LC Bruzenak
lenny at magitekltd.com
Tue Sep 29 17:52:48 UTC 2009
On Thu, 2008-08-14 at 19:31 -0500, LC Bruzenak wrote:
>
> On Thu, 2008-08-14 at 20:27 -0400, Steve Grubb wrote:
> > On Thursday 14 August 2008 20:22:24 LC Bruzenak wrote:
> > > I think you have a good point - this is the first cut and maybe
> later on
> > > institute a "replay daemon" or something which can send events on
> > > reconnect.
> >
> > Note that all audispd plugins take their input from stdin. At the
> worst, if
> > you had the time hacks, you could
> >
> > ausearch --start <time> --end <time> --raw | /sbin.audisp-remote
> >
> > -Steve
Steve,
I have been doing this but I really cannot tell if the audisp-remote
connection succeeds; it returns "0" either way.
Would there be an easy way to return a non-zero failure indicator?
Thx,
LCB.
--
LC (Lenny) Bruzenak
lenny at magitekltd.com
More information about the Linux-audit
mailing list