SoC: Distributed Audit Daemon project
M. Warner Losh
imp at bsdimp.com
Sat May 26 08:19:55 UTC 2007
In message: <200705252004.38092.mail at maxlor.com>
Benjamin Lutz <mail at maxlor.com> writes:
: On Friday 25 May 2007 01:22:21 Alexey Mikhailov wrote:
: > [...]
: > 2. As I said before initial subject of this project was "Distributed
: > audit daemon". But after some discussions we had decided that this
: > project can be done in more general manner. We can perform distributed
: > logging for any user-space app.
: > [...]
:
: This sounds very similar to syslogd. Is it feasible to make dlogd a drop-in
: replacement for syslogd, at least from a syslog-using-program point of view?
I suspect that it is dealing with different data streams. syslog is
for programs sending text voluntarily. auditd is for pulling audit
trails out of the kernel for which the 'target' programs have no
knowledge that the audit trails are being generated, let alone any way
to prevent it.
Warner