[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [patches] Implement mode=forward in audisp-remote



Hello,
----- Original Message -----
> I set the suggested persistent queue to: /var/spool/audit/remote.log.
Right, that is a better default location.  The attached patch updates the path in other places.
    Mirek
Index: audisp/plugins/remote/audisp-remote.c
===================================================================
--- audisp/plugins/remote/audisp-remote.c	(revision 470)
+++ audisp/plugins/remote/audisp-remote.c	(working copy)
@@ -358,7 +358,7 @@
 	if (config.queue_file != NULL)
 		path = config.queue_file;
 	else
-		path = "/var/lib/auditd-remote/queue";
+		path = "/var/spool/audit/remote.log";
 	q_flags = Q_IN_MEMORY;
 	if (config.mode == M_STORE_AND_FORWARD)
 		/* FIXME: let user control Q_SYNC? */
Index: audisp/plugins/remote/audisp-remote.conf.5
===================================================================
--- audisp/plugins/remote/audisp-remote.conf.5	(revision 470)
+++ audisp/plugins/remote/audisp-remote.conf.5	(working copy)
@@ -25,9 +25,6 @@
 .IR tcp ,
 the remote logging app will just make a normal clear text connection to the remote system. This is not used if kerberos is enabled.
 .TP
-.I queue_file
-This is the absolute path to the file to be used as a persistent queue.
-.TP
 .I mode
 This parameter tells the remote logging app what strategy to use getting records to the remote system. Valid values are
 .IR immediate ", and " forward " .
@@ -42,7 +39,7 @@
 .I queue_file
 Path of a file used for the event queue if
 .I mode
-is set to \fIforward\fP.  The default is \fB/var/lib/auditd-remote/queue\fP.
+is set to \fIforward\fP.  The default is \fB/var/spool/audit/remote.log\fP.
 .TP
 .I queue_depth
 This option is an unsigned integer that determines how many records can be buffered to disk or in memory before considering it to be a failure sending. This parameter affects the

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]