[PATCH] Enable splitting the logs to both auditd and kernel simultaneously
William Roberts
bill.c.roberts at gmail.com
Tue May 21 18:09:23 UTC 2013
This came from an internal application and usecase at Samsung for our
mobile products. We don't have all these daemons in userspace, and
splitting coppying, and re-writing is a bit inefficient. Also,
suppose the case where different userspaces have different things that make
use of the netlink socket. They all would need to know that they need to
write the data back to kmsg.
Bill
On Tue, May 21, 2013 at 11:03 AM, Steve Grubb <sgrubb at redhat.com> wrote:
> On Tuesday, May 21, 2013 10:40:24 AM William Roberts wrote:
> > Allow the audit subsystem to send audit events to both the kernel
> > message buffer and auditd at the same time.
> >
> > Signed-off-by: William Roberts <w.roberts at sta.samsung.com>
>
> Out of curiosity, why would you want both auditd and sysloging of events?
> Audispd also has a builtin service that sends events into syslog.
>
> -Steve
>
--
Respectfully,
William C Roberts
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20130521/564c0046/attachment.htm>
More information about the Linux-audit
mailing list