Filewatcher File Search File Search
Content Search
» » » » » auditd_1.7.13-1+b2_amd64.deb » Content »
pkg://auditd_1.7.13-1+b2_amd64.deb:378280/usr/share/man/man5/  info  control  downloads

auditd - User space tools for security auditing…  more info»


AUDISPD.CONF:(5)   System Administration Utilities  AUDISPD.CONF:(5)

       audispd.conf - the audit event dispatcher configuration file

       audispd.conf  is  the file that controls the configuration of
       the audit event dispatcher. The options  that  are  available
       are as follows:

              This is a numeric value that tells how big to make the
              internal queue of the audit event dispatcher. A bigger
              queue  lets  it  handle  a flood of events better, but
              could hold events that are not processed when the dae‐
              mon is terminated. If you get messages in syslog about
              events  getting  dropped,  increase  this  value.  The
              default value is 80.

              This  option determines how the daemon should react to
              overflowing its internal queue. When this happens,  it
              means  that more events are being received than it can
              get rid of. This error means that it is going to  lose
              the  current  event its trying to dispatch. It has the
              following choices: ignore,  syslog,  suspend,  single,
              and  halt.   If  set to ignore, the audisp daemon does
              nothing.  syslog means that it will issue a warning to
              syslog.   suspend will cause the audisp daemon to stop
              processing events. The daemon will still be alive. The
              single  option will cause the audisp daemon to put the
              computer system in single user mode.  halt option will
              cause  the audisp daemon to shutdown the computer sys‐

              This is a non-negative number  that  tells  the  audit
              event  dispatcher  how  much  of  a  priority boost it
              should take. This boost is in addition  to  the  boost
              provided  from  the audit daemon. The default is 4. No
              change is 0.

              This is a non-negative number  that  tells  the  audit
              event  dispatcher how many times it can try to restart
              a crashed plugin. The default is 10.

              This option  controls  how  computer  node  names  are
              inserted  into the audit event stream. It has the fol‐
              lowing choices:  none,  hostname,  fqd,  numeric,  and
              user.   None  means  that no computer name is inserted
              into the audit event.  hostname is the  name  returned
              by  the  gethostname  syscall.  The  fqd means that it
              takes the hostname and resolves  it  with  dns  for  a
              fully  qualified domain name of that machine.  Numeric
              is similar to fqd except it resolves the IP address of
              the machine.  User is an admin defined string from the
              name option. The default value is none.

       name   This is the admin defined string that  identifies  the
              machine if user is given as the name_format option.


Red Hat                       Jan 2008              AUDISPD.CONF:(5)
Results 1 - 1 of 1
Help - FTP Sites List - Software Dir.
Search over 15 billion files
© 1997-2017