Date:      Sat, 26 May 2007 02:16:09 -0600 (MDT)
From:      "M. Warner Losh" <imp@bsdimp.com>
To:        mail@maxlor.com
Cc:        karma@freebsd.org, freebsd-hackers@freebsd.org, trustedbsd-audit@freebsd.org, trustedbsd-discuss@freebsd.org, karma@ez.pereslavl.ru
Subject:   Re: SoC: Distributed Audit Daemon project
Message-ID:  <20070526.021609.-1749708199.imp@bsdimp.com>
In-Reply-To: <200705252004.38092.mail@maxlor.com>
References:  <200705250322.22259.karma@FreeBSD.org> <200705252004.38092.mail@maxlor.com>


In message: <200705252004.38092.mail@maxlor.com>
            Benjamin Lutz <mail@maxlor.com> writes:
: On Friday 25 May 2007 01:22:21 Alexey Mikhailov wrote:
: > [...]
: > 2. As I said before, the initial subject of this project was "Distributed
: > audit daemon". But after some discussions we had decided that this
: > project can be done in a more general manner. We can perform distributed
: > logging for any user-space app.
: > [...]
: 
: This sounds very similar to syslogd. Is it feasible to make dlogd a drop-in 
: replacement for syslogd, at least from a syslog-using-program point of view?

I suspect that it is dealing with different data streams.  syslog is
for programs sending text voluntarily.  auditd is for pulling audit
trails out of the kernel for which the 'target' programs have no
knowledge that the audit trails are being generated, let alone any way
to prevent it.

Warner


