
AUDISPD:(8)        System Administration Utilities       AUDISPD:(8)

       audispd - an event multiplexor


       audispd  is  an audit event multiplexor. It has to be started
       by the audit daemon in order to get events.  It  takes  audit
       events  and  distributes  them to child programs that want to
       analyze events in realtime. When the audit daemon receives  a
       SIGTERM  or  SIGHUP, it passes that signal to the dispatcher,
       too. The dispatcher in turn passes those signals to its child

       The  child programs install a configuration file in a plugins
       directory, /etc/audisp/plugins.d. Filenames are  not  allowed
       to  have  more than one '.' in the name or it will be treated
       as a backup copy and skipped. Options are given one per  line
       with  an  equal  sign  between the keyword and its value. The
       available options are as follows:

       active The options for this are yes or no.

       direction
              The option is dictated by the plugin.  In or  out  are
              the  only choices. You cannot make a plugin operate in
              a  way  it  wasn't  designed  just  by  changing  this
              option.  This option is to give a clue  to  the  event
              dispatcher  about  which  direction events flow. NOTE:
              inbound events are not supported yet.

       path   This is the absolute path to the plugin executable. In
              the case of internal plugins, it would be the name  of
              the plugin.

       type   This  tells  the dispatcher how the plugin wants to be
              run. Choices are builtin and always.   Builtin  should
              always  be  given for plugins that are internal to the
              audit event dispatcher. These are af_unix and  syslog.
              The  option always should be given for most if not all
              plugins. The default setting is always.

       args   This allows you to pass arguments to  the  child  pro‐
              gram. Generally plugins do not take arguments and have
              their own config file that  instructs  them  how  they
              should  be configured. At the moment, there is a limit
              of 2 args.

       format The valid options for  this  are  binary  and  string.
              Binary passes the data exactly as the audit event dis‐
              patcher gets it from  the  audit  daemon.  The  string
              option  tells  the dispatcher to completely change the
              event into a string  suitable  for  parsing  with  the
              audit parsing library. The default value is string.
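
       The option rules above can be checked before a plugin file is
       dropped into the plugins directory. The linter below is an added
       example, not code from the audit package; its function names,
       the constructed SAMPLE, the direction key name (taken from the
       upstream audispd documentation) and the treatment of '#' lines
       as comments are assumptions.

```python
# Allowed values per keyword, from the option descriptions above.
ALLOWED = {
    "active": {"yes", "no"},
    "direction": {"in", "out"},  # key name assumed from upstream audispd docs
    "type": {"builtin", "always"},
    "format": {"binary", "string"},
}
DEFAULTS = {"type": "always", "format": "string"}  # defaults stated on the page
# Constructed sample: relative path, three args, unsupported direction.
SAMPLE = "active = yes\ndirection = in\npath = sbin/my-plugin\nargs = a b c\nformat = string\n"


def is_skipped(filename):
    """More than one '.' in the name: treated as a backup copy and skipped."""
    return filename.count(".") > 1


def lint_plugin(filename, text):
    """Return findings for one plugins.d file; an empty list means clean."""
    if is_skipped(filename):
        return [f"{filename}: skipped by the dispatcher (more than one '.')"]
    findings, opts = [], dict(DEFAULTS)
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # '#' comments: assumption
            continue
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep or not value:
            findings.append(f"{filename}:{n}: expected 'keyword = value'")
            continue
        opts[key] = value.lower() if key in ALLOWED else value
        if key in ALLOWED and opts[key] not in ALLOWED[key]:
            findings.append(f"{filename}:{n}: {key} must be one of {sorted(ALLOWED[key])}")
        elif key == "args" and len(value.split()) > 2:
            findings.append(f"{filename}:{n}: args exceeds the limit of 2")
        elif key not in ALLOWED and key not in ("path", "args"):
            findings.append(f"{filename}:{n}: unknown keyword {key!r}")
    # External plugins need an absolute path; builtin ones are given by name.
    if opts["type"] != "builtin" and not opts.get("path", "").startswith("/"):
        findings.append(f"{filename}: path must be absolute")
    if opts.get("direction") == "in":
        findings.append(f"{filename}: inbound events are not supported yet")
    return findings


if __name__ == "__main__":
    for finding in lint_plugin("my-plugin.conf", SAMPLE):
        print(finding)
```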

       /etc/audisp/audispd.conf /etc/audisp/plugins.d

       audispd.conf(5), auditd(8).

       Steve Grubb

Red Hat                       Sept 2007                  AUDISPD:(8)