audispd(8) - phpMan

Command: man perldoc info search(apropos)  

AUDISPD:(8)                      System Administration Utilities                      AUDISPD:(8)



NAME
       audispd - an event multiplexor

SYNOPSIS
       audispd  [-c <config_dir>].SHDESCRIPTION  audispd is an audit event multiplexor. It has to
       be started by the audit daemon in order to get events. It takes audit events and  distrib-
       utes them to child programs that want to analyze events in realtime. When the audit daemon
       receives a SIGTERM or SIGHUP, it passes that signal to the dispatcher, too. The dispatcher
       in turn passes those signals to its child processes.

       The  child programs install a configuration file in a plugins directory, /etc/audisp/plug-
       ins.d. Filenames are not allowed to have more than one '.' in  the  name  or  it  will  be
       treated  as  a  backup copy and skipped. Options are given one per line with an equal sign
       between the keyword and its value. The available options are as follows:


       active The options for this are yes or no.

       direction
              The option is dictated by the plugin.  In or out are the only choices.  You  cannot
              make a plugin operate in a way it wasn't designed just by changing this option.This
              option is to give a clue to the event dispatcher about which direction events flow.
              NOTE: inbound events are not supported yet.

       path   This  is  the absolute path to the plugin executable. In the case of internal plug-
              ins, it would be the name of the plugin.

       type   This tells the dispatcher how the plugin wants to be run. Choices are  builtin  and
              always.   Builtin should always be given for plugins that are internal to the audit
              event dispatcher. These are af_unix and syslog. The option always should  be  given
              for most if not all plugins. The default setting is always.

       args   This  allows  you  to pass arguments to the child program. Generally plugins do not
              take arguments and have their own config file that instructs them how  they  should
              be configured. At the moment, there is a limit of 2 args.

       format The  valid  options for this are binary and string.  Binary passes the data exactly
              as the audit event dispatcher gets it from the  audit  daemon.  The  string  option
              tells  the  dispatcher  to  completely  change the event into a string suitable for
              parsing with the audit parsing library. The default value is string.


FILES
       /etc/audisp/audispd.conf /etc/audisp/plugins.d

SEE ALSO
       audispd.conf(5), auditd(8).

AUTHOR
       Steve Grubb



Red Hat                                     Sept 2007                                 AUDISPD:(8)

Generated by $Id: phpMan.php,v 4.55 2007/09/05 04:42:51 chedong Exp $ Author: Che Dong
On Apache
Under GNU General Public License
2024-04-25 22:16 @3.129.67.26 CrawledBy Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Valid XHTML 1.0!Valid CSS!