From: Robert Watson
Date: Mon, 6 Feb 2006 22:50:39 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/conf files src/sys/security/audit audit.c audit_pipe.c audit_private.h
X-FreeBSD-CVS-Branch: HEAD

rwatson     2006-02-06 22:50:39 UTC

  FreeBSD src repository

  Modified files:
    sys/conf             files
    sys/security/audit   audit.c audit_private.h
  Added files:
    sys/security/audit   audit_pipe.c
  Log:
  Add support for audit pipe special devices, which allow user space
  applications to insert a "tee" in the live audit event stream. Records
  are inserted into a per-clone queue so that user processes can pull
  discrete records out of the queue. Unlike delivery to disk, audit pipes
  are "lossy", dropping records in low memory conditions or when the
  process falls behind real-time events. This mechanism is appropriate
  for use by live monitoring systems, host-based intrusion detection,
  etc., and avoids applications having to dig through active on-disk
  trails that are owned by the audit daemon.

  Obtained from:  TrustedBSD Project

  Revision  Changes    Path
  1.1095    +1 -0      src/sys/conf/files
  1.5       +13 -0     src/sys/security/audit/audit.c
  1.1       +532 -0    src/sys/security/audit/audit_pipe.c (new)
  1.2       +5 -0      src/sys/security/audit/audit_private.h
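
The lossy per-clone queueing described in the log message, as a user-space C model added here for illustration. It is not the code in audit_pipe.c; the names pipe_model, pipe_submit, tee_submit and pipe_read, the limit QLIMIT and the sample record are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define QLIMIT 4                 /* assumed per-clone limit, small for the demo */
struct pipe_model {              /* one per open of the device ("clone") */
    unsigned char *rec[QLIMIT];  /* private copies of whole records */
    size_t len[QLIMIT];
    unsigned head, count, drops;
};
/* Producer: never blocks; a full queue or failed allocation drops for this clone only. */
static int pipe_submit(struct pipe_model *p, const void *rec, size_t len) {
    unsigned char *copy;
    if (p->count == QLIMIT || (copy = malloc(len)) == NULL) {
        p->drops++;
        return 0;
    }
    memcpy(copy, rec, len);
    unsigned tail = (p->head + p->count) % QLIMIT;
    p->rec[tail] = copy;
    p->len[tail] = len;
    p->count++;
    return 1;
}
/* The "tee": offer one record to every clone independently. */
static void tee_submit(struct pipe_model *pipes, size_t n, const void *rec, size_t len) {
    for (size_t i = 0; i < n; i++)
        (void)pipe_submit(&pipes[i], rec, len);
}
/* Consumer: one whole record per call; 0 if empty or buf too small (record stays queued). */
static size_t pipe_read(struct pipe_model *p, void *buf, size_t buflen) {
    if (p->count == 0 || p->len[p->head] > buflen)
        return 0;
    size_t n = p->len[p->head];
    memcpy(buf, p->rec[p->head], n);
    free(p->rec[p->head]);
    p->head = (p->head + 1) % QLIMIT;
    p->count--;
    return n;
}
int main(void) {
    struct pipe_model p[2];
    char rec[] = "constructed-record", buf[64];  /* constructed sample record */
    memset(p, 0, sizeof p);
    for (int i = 0; i < 6; i++) {
        tee_submit(p, 2, rec, sizeof rec);
        pipe_read(&p[0], buf, sizeof buf);       /* clone 0 keeps up, clone 1 never reads */
    }
    printf("clone0 drops=%u clone1 drops=%u\n", p[0].drops, p[1].drops);
}
```

A monitoring consumer built on such a queue has to treat its view as incomplete whenever the drop counter moves, which is why the on-disk trail remains the authoritative record.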