Date: Sat, 26 May 2007 05:18:19 +0300
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Alexey Mikhailov <karma@freebsd.org>
Cc: freebsd-hackers@freebsd.org, trustedbsd-audit@freebsd.org, trustedbsd-discuss@freebsd.org, karma@ez.pereslavl.ru
Subject: Re: SoC: Distributed Audit Daemon project
Message-ID: <20070526021819.GB2071@kobe.laptop>
In-Reply-To: <200705250322.22259.karma@FreeBSD.org>
References: <200705250322.22259.karma@FreeBSD.org>

On 2007-05-25 03:22, Alexey Mikhailov <karma@freebsd.org> wrote:
> Hello!

Hi Alexey :)

> http://wiki.freebsd.org/DistributedAuditDaemon
> [...]
> Consider this picture ( Yes, I know that my ASCII art sucks :-) )
>
> '----------------`                     '-----------------`
> |                |     '---------`     | Client-specific |
> | User-space app | <== | API [2] | ==> | part of         |
> |      [1]       |     `---------'     | "dlogd" [3]     |
> `----------------'                     `-----------------'
>                                                ^^
>                                                ||
>                                                ||
>
>                                        (network level) [4]
>
>                                                ||
>                                                ||
>                                                vv
>                                        '-----------------`
> '===============`                      | Server-specific |
> | File system   | <========            | part of         |
> | hierarchy [6] |                      | "dlogd" [5]     |
> `==============='                      `-----------------'
[...]
> [1] <=> [2]: Shared user-space library will encapsulate API.
> And I really want to keep real API simple. At this moment
> I'm going to have only one function that will mark log file
> as "to deliver" (i.e. dlogd_submit("/var/audit/whatever")).

It may be worth keeping the API simple by having only two calls:

    dlog_register("/var/audit/file");
    dlog_unregister("/var/audit/file");

Then dlogd can use kqueue to monitor the file itself, so you don't need
special calls/methods to notify it of new events arriving on the file.

This is just an idea, and I haven't fully thought through all the details
of how a "flush" operation could be implemented if dlogd used kqueue itself.
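
The kqueue-based monitoring suggested in the reply above, as an added C example that is not code from this message or from the dlogd project. `struct watched`, `watch_open` and `watch_drain` are hypothetical names, delivery to the server is stood in for by writing to a file descriptor, and the kqueue loop is compiled only where `<sys/event.h>` is available.

```c
/* Added illustration; not code from the dlogd project. Names are hypothetical. */
#include <fcntl.h>
#include <sys/types.h>
#include <unistd.h>
#if defined(__FreeBSD__) || defined(__APPLE__)
#include <sys/event.h>
#define HAVE_KQUEUE 1
#endif

struct watched { int fd; off_t sent; };  /* per-file state: bytes delivered so far */

/* What a register call could do on the daemon side: open the audit log. */
int watch_open(struct watched *w, const char *path) {
    w->sent = 0;
    w->fd = open(path, O_RDONLY);
    return w->fd < 0 ? -1 : 0;
}

/* Copy everything appended since the last call to `out` (stand-in for the
 * network side). Returns the number of bytes delivered, or -1 on error. */
ssize_t watch_drain(struct watched *w, int out) {
    char buf[4096];
    ssize_t n, total = 0;
    while ((n = read(w->fd, buf, sizeof buf)) > 0) {  /* private fd keeps our offset */
        if (write(out, buf, (size_t)n) != n) return -1;
        w->sent += n;
        total += n;
    }
    return n < 0 ? -1 : total;
}

int main(int argc, char **argv) {
    struct watched w;
    if (argc != 2 || watch_open(&w, argv[1]) < 0) return 1;
#ifdef HAVE_KQUEUE
    struct kevent kev;
    int kq = kqueue();
    /* EV_CLEAR resets the event state once it has been reported. */
    EV_SET(&kev, w.fd, EVFILT_VNODE, EV_ADD | EV_CLEAR,
           NOTE_WRITE | NOTE_EXTEND | NOTE_DELETE | NOTE_RENAME, 0, 0);
    if (kq < 0 || kevent(kq, &kev, 1, NULL, 0, NULL) < 0) return 1;
    do {  /* drain before waiting so records written earlier are not missed */
        if (watch_drain(&w, STDOUT_FILENO) < 0) return 1;
        if (kevent(kq, NULL, 0, &kev, 1, NULL) < 1) return 1;
    } while (!(kev.fflags & (NOTE_DELETE | NOTE_RENAME)));
#endif
    return watch_drain(&w, STDOUT_FILENO) < 0;  /* last records after rotation */
}
```

Because the drain step is separate from the event wait, it can also be called outside the loop; the open descriptor still reaches the old file after a rename or unlink, so records written just before rotation are read by the final drain.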