Getting events on unix socket
Steve Grubb
sgrubb at redhat.com
Thu Jul 30 15:51:15 UTC 2015
On Wednesday, July 29, 2015 02:29:23 PM Satish Chandra Kilaru wrote:
> I would like to receive events on unix socket in binary format.
> There is already another program that is reading events from unix socket in
> string format. I created another config file as below...
>
> active = yes
> direction = out
> path = builtin_af_unix
> type = builtin
> args = 0640 /var/run/satish_events
> format = binary
>
> In my test program I am reading events from the socket
> /var/run/satish_events
> Surprisingly I see events in string format as well as binary format.
>
> Is it by design or a bug?
I'd have to check. I don't think it was intended to run more than one
instance. What is better, though, is to write the plugin to just read stdin.
-Steve
More information about the Linux-audit
mailing list