Trying to understand audisp-remote network behavior
Ken Hornstein
kenh at pobox.com
Tue Jul 12 18:57:00 UTC 2022
>> Well, the default configuration is that heartbeats are turned off, so
>> the general impression I would take away from that is you should only
>> turn on heartbeats if you have some unusual requirement.
>
>This has to be coordinated between the client and server as many of these
>setting need to be. I can add some discussion to the man page that this is
>recommended.
Errr ... does it?
I certainly turned them on all of our clients but did not on turn
them on our server. Did not cause any problems. I mean, yes, I could
see that turning them on the server might be helpful, but it doesn't
seem to be required to make them work; from my reading of the code that
the server will respond to a heartbeat message whether or not they
are configured, and since connections all initiate from the clients
that's the end that has to notice the connection has dropped.
And yes, some additional documentation might be helpful. Like if there
was a note in the man page that said, "Enabling heartbeats is the only
way to ensure that a connection will be retried if it is lost", that
might have clued me in that heartbeats are essentially required for
reliable connectivity (I am assuming we all agree that statement is
true; as far as I can tell, even with the latest code it still is!).
--Ken
More information about the Linux-audit
mailing list