Date:      Tue, 21 Aug 2007 14:31:11 +0100 (BST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Eric Crist <mnslinky@gmail.com>
Cc:        freebsd-hackers@freebsd.org, sam <samflanker@gmail.com>
Subject:   Re: work praudit with tee & grep
Message-ID:  <20070821142858.C50579@fledge.watson.org>
In-Reply-To: <80FA5D23-FA4E-4D1D-87E8-B06E4931C48D@gmail.com>
References:  <46C9528D.8010201@gmail.com> <20070821123943.N50579@fledge.watson.org> <46CADFF9.2000700@gmail.com> <C48660DC-BD8A-4D38-A0BC-4707921E4799@gmail.com> <46CAE6C7.5060706@gmail.com> <80FA5D23-FA4E-4D1D-87E8-B06E4931C48D@gmail.com>

On Tue, 21 Aug 2007, Eric Crist wrote:

>> thx this not working wite up buffer-pipe to 4096 bytes
>
> Can I ask what is in the /etc/auditpipe file?

I believe what is meant is /dev/auditpipe, which provides a live event stream 
from the kernel's audit subsystem in FreeBSD 6.2 and later.  You can read more 
about the event audit facility here:

   http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html

The auditpipe(4) man page provides more detailed information on audit pipes, 
which, unlike the trail files in /var/audit, provide live streams in a lossy 
way, and allow applications to push filters into the kernel as to what events 
they are interested in hearing about.

Robert N M Watson
Computer Laboratory
University of Cambridge


