Erich Schubert wrote: >Hi, > > >>No... but good idea, can you have multiple audit's monitoring at the >>same time? >> >> >Probably. It's a kernel netlink socket. >But the configuration is not per listener, but for all, so if one >decides it's finished it'll disable the auditing for all of them. So >it's more of experimental nature, if anyone wants to make a readahead >list for his system. >Also it requires root privileges, I guess inotify doesn't. > >One of the things I wanted with audit, which unfortunately did not >work (maybe it's fixed or added by now) is to filter out accesses by >filesystem. Accesses to /proc really flooded my logs, and caused >dropped messages on the netlink socket! > > Well filtering that out can be done quite easily in a pure C daemon.
> > >>Use a memory mapped file when scanning, I find that practical when >>parsing simple files anyway. >> >> > >I do that, but I need to have 0-terminated strings for the filenames, >so I need to copy them to a buffer and make them 0-terminated. That is >exactly the memcpy I do. > > well, not really, if you scan through memory for \n, replace it with \0, do the system call and add +1 to the buffer you'll scan. And then simply do a break on \0 found instead of \n. >best regards, >Erich Schubert >-- > erich@(mucl.de|debian.org) -- GPG Key ID: 4B3A135C (o_ > To understand recursion you first need to understand recursion. //\ > Wo befreundete Wege zusammenlaufen, da sieht die ganze Welt für V_/_ > eine Stunde wie eine Heimat aus. --- Herrmann Hesse > >_______________________________________________ >initscripts-ng-devel mailing list >[email protected] >http://lists.alioth.debian.org/mailman/listinfo/initscripts-ng-devel > > > _______________________________________________ initscripts-ng-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/initscripts-ng-devel
