cvs commit: src/sys/conf files src/sys/security/audit audit.c
audit_pipe.c audit_private.h
Robert Watson
rwatson at FreeBSD.org
Mon Feb 6 14:50:42 PST 2006
rwatson 2006-02-06 22:50:39 UTC
FreeBSD src repository
Modified files:
sys/conf files
sys/security/audit audit.c audit_private.h
Added files:
sys/security/audit audit_pipe.c
Log:
Add support for audit pipe special devices, which allow user space
applications to insert a "tee" in the live audit event stream. Records
are inserted into a per-clone queue so that user processes can pull
discreet records out of the queue. Unlike delivery to disk, audit pipes
are "lossy", dropping records in low memory conditions or when the
process falls behind real-time events. This mechanism is appropriate
for use by live monitoring systems, host-based intrusion detection, etc,
and avoids applications having to dig through active on-disk trails that
are owned by the audit daemon.
Obtained from: TrustedBSD Project
Revision Changes Path
1.1095 +1 -0 src/sys/conf/files
1.5 +13 -0 src/sys/security/audit/audit.c
1.1 +532 -0 src/sys/security/audit/audit_pipe.c (new)
1.2 +5 -0 src/sys/security/audit/audit_private.h
More information about the cvs-src
mailing list