[patches] Implement mode=forward in audisp-remote

Miloslav Trmac mitr at redhat.com
Sat Mar 19 11:09:58 UTC 2011


Hello,
the attached patch series implements the store-and-forward mode in audisp-remote.

In mode=forward, as audisp-remote receives audit records, it automatically writes them to a local file.  Therefore neither an unexpected termination of audisp-remote nor problems with the remote server can cause loss of the audit records, and audisp-remote will try to resend all of the pending records before sending any later received audit record, or after restarting audisp-remote.  (Note that loss of audit records is still possible in other cases, e.g. when the system crashes before the records are received by audisp-remote, or when the local queue file is corrupted.)

A detailed description of the approach is included in the individual patches.
    Mirek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 11-drop-event_t
Type: application/octet-stream
Size: 3515 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110319/9d0dc37c/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 12-fold-old-queue-interface
Type: application/octet-stream
Size: 6193 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110319/9d0dc37c/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 13-flush-queue-on-startup
Type: application/octet-stream
Size: 2052 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110319/9d0dc37c/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 01-dont-discard-data
Type: application/octet-stream
Size: 747 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110319/9d0dc37c/attachment-0003.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 02-fix-leak-on-input-error
Type: application/octet-stream
Size: 423 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110319/9d0dc37c/attachment-0004.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 03-fix-config-mode-type
Type: application/octet-stream
Size: 479 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110319/9d0dc37c/attachment-0005.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 04-use-make-dependencies
Type: application/octet-stream
Size: 619 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110319/9d0dc37c/attachment-0006.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 05-decouple-do_overflow_action
Type: application/octet-stream
Size: 4992 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110319/9d0dc37c/attachment-0007.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 06-drop-increase_queue_depth
Type: application/octet-stream
Size: 1215 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110319/9d0dc37c/attachment-0008.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 07-implement-persistent-queue
Type: application/octet-stream
Size: 27269 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110319/9d0dc37c/attachment-0009.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 08-config-persistence
Type: application/octet-stream
Size: 7283 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110319/9d0dc37c/attachment-0010.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 09-use-persistent-queue
Type: application/octet-stream
Size: 5684 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110319/9d0dc37c/attachment-0011.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 10-split-dequeue
Type: application/octet-stream
Size: 1982 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110319/9d0dc37c/attachment-0012.obj>
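
The store-and-forward behaviour described in the message above, as an added example that is not code from the patch series or from audisp-remote: each record is appended to a local queue file and fsynced before any send is attempted, and pending records are sent oldest first before anything newer. The one-record-per-line queue format, the function names and the `demo_send` stand-in for the remote server are assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

typedef int (*send_fn)(const char *rec);   /* returns 0 once the server accepted rec */

/* Constructed stand-in for the remote server: logs delivery order in `delivered`. */
int server_up; char delivered[256];
int demo_send(const char *rec) {
    if (!server_up) return -1;
    strcat(strcat(delivered, rec), ";");
    return 0;
}

/* Append one record to the queue file and fsync it before any send is attempted. */
int q_store(const char *path, const char *rec) {
    FILE *f = fopen(path, "a");
    if (!f) return -1;
    int ok = fprintf(f, "%s\n", rec) > 0 && fflush(f) == 0 && fsync(fileno(f)) == 0;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

/* Send queued records oldest first, stop at the first failure, then atomically replace
 * the queue with the unsent tail. A crash before rename() re-sends: at-least-once. */
int q_drain(const char *path, send_fn sender) {
    char tmp[4096], line[16384];   /* assumes one record per line, shorter than the buffer */
    FILE *in = fopen(path, "r"), *out;
    if (!in) return errno == ENOENT ? 0 : -1;   /* no queue file: nothing pending */
    snprintf(tmp, sizeof tmp, "%s.tmp", path);
    if (!(out = fopen(tmp, "w"))) { fclose(in); return -1; }
    int pending = 0, up = 1;
    while (fgets(line, sizeof line, in)) {
        line[strcspn(line, "\n")] = '\0';
        if (up && sender(line) == 0) continue;  /* delivered: drop it from the queue */
        up = 0;                                 /* keep this and every later record */
        fprintf(out, "%s\n", line);
        pending++;
    }
    fclose(in);
    int ok = !ferror(out) && fflush(out) == 0 && fsync(fileno(out)) == 0;
    ok = fclose(out) == 0 && ok;
    return (ok && rename(tmp, path) == 0) ? pending : -1;   /* records still pending */
}

/* One incoming record in store-and-forward mode: persist first, then flush the queue. */
int forward_record(const char *path, const char *rec, send_fn sender) {
    return q_store(path, rec) == 0 ? q_drain(path, sender) : -1;
}
```

Calling `q_drain` once at startup, before accepting new records, gives the resend-after-restart behaviour the message describes.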