[Freeipa-devel] [PATCH] initial commit of log watcher (lwatch)

[John Dennis]

This is a big patch, sorry, but there just isn't a realistic way to 
develop a major piece of code into a working state given our checkin 
policy which requires peer review for every change, it's just easier to 
develop elsewhere and submit the working result.

This is the basic framework for the client audit code, it produces an 
executable called lwatch. In it's default mode lwatch watches a set of 
(log) files. It understands how log files are rotated. When a log file 
reaches a modification threshold it's newly appended data is prepared 
for transport to the audit server. When the log file is rotated, 
created, renamed, etc. the appropriate actions take place.

lwatch maintains it's persistent state in a sqlite database. You can 
start and stop lwatch and it self synchronizes based on what is in the 
database and what it finds in the file system.

lwatch is also capable of listing every log under a directory root, this 
can be handy for initializing the set of log files to watch.

lwatch can also dump in a pretty format the current state of the SQL 
database.

lwatch is not completely finished, but it's been in reasonable working 
shape for a while now, but sitting in my own git repository, it's time 
to get into the project's repository. What it needs next is better 
configuration options and to link in the code for audit server 
transmission (coming soon).

Just one note about the patch, it includes a trivial one line fix to 
dhash.h which was missing a const declaration. I realize that should 
have been in a separate patch, but it got included here.

-- 
John Dennis <jdennis at redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Initial-commit-of-log-watching-code.patch
Type: text/x-patch
Size: 163452 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090716/e2277908/attachment.bin>