How to monitor audit/audispd killed
Matthew Chao
mathewchao at gmail.com
Tue Jan 5 16:12:54 UTC 2016
In short, my question is: my program depends on audispd to dispatch audit
messages, for security's sake, when audispd is killed, how can I know it
happened in time in order to restart audispd?
Thanks.
On Tuesday, January 5, 2016, Steve Grubb <sgrubb at redhat.com> wrote:
> On Tuesday, January 05, 2016 06:08:54 PM Matthew Chao wrote:
> > >"You can watch audispd, but I don't think that will help anything.
> >
> > my program totally depends on audispd to dispatch audit messages. I think
> > audispd need more robust mechanisms to monitor itself killed, otherwise
> > which inevitably leads to that audispd' plugins receive nothing but
> always
> > wait wait wait for event messages.
> >
> > So are there some alternative ways to monitor audispd killed in audit
> > ver1.8 ?
>
> To help you, I need to know more about what the actual problem is that you
> are
> trying to solve. Would you like to explain the problem so we can help
> figure
> out how to address it?
>
> Thanks,
> -Steve
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20160106/1fa69b25/attachment.htm>
More information about the Linux-audit
mailing list