On Friday 26 December 2008 02:07:56 am Chu Li wrote: > When reading manpage of auditd.conf, I found "heartbeat" in the > explanation of " tcp_client_max_idle". But in the manpage of > audisp-remote.conf there is no description about it.
I think it was assumed that an admin that is setting this up will read both man pages since both ends need some adjustments. > How to use "tcp_client_max_idle" and what is "heartbeat"? This is a message being passed back and forth so that each end knows the other is still alive. If one end segfaults, for example, it won't send a tcp close and the connection can linger for a while. This lets each end decide that the other is not working properly and then take admin selected actions. > What will happen if "tcp_client_max_idle" and "heartbeat" is not set as > zero? Then it will perform the heart beat protocol with the max idle seconds being the deciding factor. I can add some explanation to the man pages. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
