Events lost with dispatcher

Vishwanath Venkatesan vvenkates at gmail.com
Wed Mar 31 19:07:59 UTC 2010


Hi,

I am having trouble receiving events with the dispatcher in ubuntu-9.04.

I am just trying to use the rule
-a entry,always -S execve -S exit_group
I receive all the events in the audit.log, but not in the dispatcher.
I am using the dispatcher code on the auditd website.

I am also using two threads, where one thread collects all the data and
the other thread does the parsing.
So there is no blocking and the queue is an unbounded concurrent queue.
I don't think there can be anything else done at the receiving end.

If anyone has faced something similar or has suggestions, please let
me know.

Thanks
Vish