Date: Mon, 6 Feb 2006 22:50:39 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/conf files src/sys/security/audit audit.c audit_pipe.c audit_private.h Message-ID: <200602062250.k16Moda7010907@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2006-02-06 22:50:39 UTC FreeBSD src repository Modified files: sys/conf files sys/security/audit audit.c audit_private.h Added files: sys/security/audit audit_pipe.c Log: Add support for audit pipe special devices, which allow user space applications to insert a "tee" in the live audit event stream. Records are inserted into a per-clone queue so that user processes can pull discreet records out of the queue. Unlike delivery to disk, audit pipes are "lossy", dropping records in low memory conditions or when the process falls behind real-time events. This mechanism is appropriate for use by live monitoring systems, host-based intrusion detection, etc, and avoids applications having to dig through active on-disk trails that are owned by the audit daemon. Obtained from: TrustedBSD Project Revision Changes Path 1.1095 +1 -0 src/sys/conf/files 1.5 +13 -0 src/sys/security/audit/audit.c 1.1 +532 -0 src/sys/security/audit/audit_pipe.c (new) 1.2 +5 -0 src/sys/security/audit/audit_private.h
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200602062250.k16Moda7010907>