[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Audit Dispatcher Design



On Wednesday 07 September 2005 17:57, Linda Knippers wrote:
> I was also wondering about the overall design goals, how we'd expect this to
> be used 

That was stated here:

https://www.redhat.com/archives/linux-audit/2005-August/msg00073.html

> and what the performance and error handling characteristics would be.

No performance goal. There is a queue between auditd & audisp to decouple the 
rate of processing. 

What can you say about error handling other than it must be correct? auditd is 
not going away. It will be the method for reliable logging. audisp is going 
to be best effort at this point. For example, if you use remote logging 
should the machine stop if the network goes down? Should it queue them and 
transfer when the network is up? What if the queue fills to capacity? If the 
remote logger's disk is full, should all machines on the network go to admin 
mode? That'll be a bummer. I don't think we want to face all these issues and 
claim 100% guarantee at this point.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]