[PATCH] Add auditd listener and remote audit protocol
DJ Delorie
dj at redhat.com
Fri Aug 15 00:23:52 UTC 2008
> I do require centralized auditing and I also require (more importantly)
> not losing any.
The key code is in audisp/plugins/remote/audisp-remote.c
I think I put a couple of FIXMEs in there where the various errors are
noted. If you want to put in a queue and retry mechanism, go ahead :-)
> AMQP may be heavyweight, however if you start down the road of trying to
> not lose networked audit data you probably end up somewhere near there
> anyway...
You can always buy more paranoia.
More information about the Linux-audit
mailing list