Date: Mon, 6 Feb 2006 22:50:39 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/conf files src/sys/security/audit audit.c audit_pipe.c audit_private.h Message-ID: <200602062250.k16Moda7010907@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2006-02-06 22:50:39 UTC
FreeBSD src repository
Modified files:
sys/conf files
sys/security/audit audit.c audit_private.h
Added files:
sys/security/audit audit_pipe.c
Log:
Add support for audit pipe special devices, which allow user space
applications to insert a "tee" in the live audit event stream. Records
are inserted into a per-clone queue so that user processes can pull
discreet records out of the queue. Unlike delivery to disk, audit pipes
are "lossy", dropping records in low memory conditions or when the
process falls behind real-time events. This mechanism is appropriate
for use by live monitoring systems, host-based intrusion detection, etc,
and avoids applications having to dig through active on-disk trails that
are owned by the audit daemon.
Obtained from: TrustedBSD Project
Revision Changes Path
1.1095 +1 -0 src/sys/conf/files
1.5 +13 -0 src/sys/security/audit/audit.c
1.1 +532 -0 src/sys/security/audit/audit_pipe.c (new)
1.2 +5 -0 src/sys/security/audit/audit_private.h
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200602062250.k16Moda7010907>