SoC: Distributed Audit Daemon project
Giorgos Keramidas
keramida at ceid.upatras.gr
Sat May 26 02:21:53 UTC 2007
On 2007-05-25 03:22, Alexey Mikhailov <karma at freebsd.org> wrote:
> Hello!
Hi Alexey :)
> http://wiki.freebsd.org/DistributedAuditDaemon
> [...]
> Consider this picture ( Yes, I know that my ASCII art sucks :-) )
>
> '----------------`                     '-----------------`
> |                |     '---------`     | Client-specific |
> | User-space app | <== | API [2] | ==> |     part of     |
> |      [1]       |     `---------'     |   "dlogd" [3]   |
> `----------------'                     `-----------------'
>                                                ^^
>                                                ||
>                                                ||
>
>                                        (network level) [4]
>
>                                                ||
>                                                ||
>                                                vv
>                                        '-----------------`
>            '===============`           | Server-specific |
>            | File system   | <======== |     part of     |
>            | hierarchy [6] |           |   "dlogd" [5]   |
>            `==============='           `-----------------'
[...]
> [1] <=> [2]: Shared user-space library will encapsulate API.
> And I really want to keep real API simple. At this moment
> I'm going to have only one function that will mark log file
> as "to deliver" (i.e. dlogd_submit("/var/audit/whatever")).
It may be worth keeping the API simple by having only two calls:
    dlog_register("/var/audit/file");
    dlog_unregister("/var/audit/file");
Then dlogd can use kqueue to monitor the file itself, so you don't need
special calls/methods to notify it of new events arriving on the file.
This is just an idea, and I haven't fully thought through all the details of how
a "flush" operation could be implemented if dlogd used kqueue itself.
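
An added sketch of the register/unregister idea above; it is not code from this thread or from the project. The names dlog_register and dlog_unregister come from the message, while struct dlog_watch, dlog_wait, the signatures and the shrink/unlink check are assumptions made for illustration. Where kqueue is not available, the same functions compile to a plain fstat() poll.

```c
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__APPLE__)
#include <sys/event.h>
#include <sys/time.h>
#define DLOG_KQUEUE 1
#endif
/* Hypothetical per-file state; "sent" is the offset already handed to delivery. */
struct dlog_watch { int fd, kq; off_t sent; };

void dlog_unregister(struct dlog_watch *w) {
    if (w->kq >= 0) close(w->kq);   /* closing the kqueue drops its filters */
    if (w->fd >= 0) close(w->fd);
    w->kq = w->fd = -1;
}

/* Open the trail read-only and subscribe to vnode events on it. Returns 0 or -1. */
int dlog_register(struct dlog_watch *w, const char *path) {
    w->kq = -1; w->sent = 0;
    if ((w->fd = open(path, O_RDONLY)) < 0) return -1;
#ifdef DLOG_KQUEUE
    struct kevent ev;
    EV_SET(&ev, w->fd, EVFILT_VNODE, EV_ADD | EV_CLEAR,
           NOTE_WRITE | NOTE_EXTEND | NOTE_DELETE | NOTE_RENAME, 0, NULL);
    if ((w->kq = kqueue()) < 0 || kevent(w->kq, &ev, 1, NULL, 0, NULL) < 0) {
        dlog_unregister(w);
        return -1;
    }
#endif
    return 0;
}

/* Wait up to timeout_ms for activity, then return the count of new bytes (0 if none),
 * or -1 if the trail shrank or was unlinked: an audit trail should only grow. */
long dlog_wait(struct dlog_watch *w, int timeout_ms) {
    struct stat st;
#ifdef DLOG_KQUEUE
    struct kevent ev;
    struct timespec ts = { timeout_ms / 1000, (timeout_ms % 1000) * 1000000L };
    (void)kevent(w->kq, NULL, 0, &ev, 1, &ts);   /* wake-up hint; fstat decides */
#else
    (void)timeout_ms;   /* no kqueue on this platform: the caller polls instead */
#endif
    if (fstat(w->fd, &st) < 0 || st.st_nlink == 0 || st.st_size < w->sent) return -1;
    long fresh = (long)(st.st_size - w->sent);
    w->sent = st.st_size;
    return fresh;
}
```

Because dlog_wait() always re-reads the size with fstat(), a forced call with a zero timeout reports whatever is pending, which is one possible shape for the "flush" operation mentioned above.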