--- Steve Grubb <[EMAIL PROTECTED]> wrote:
> On Monday 01 May 2006 16:06, Casey Schaufler wrote: > > The audit daemon can make those choices and is the > > correct place to put such processing. > > The audit daemon only writes to disk and performs > actions if *it* has an > error. You are, of course, correct. The audit daemon has the information required to perform event processing and, being the single entity in user space that sees all the events, is the correct place to perform said service, while it does not today. The audit daemons for most Unix systems perform these functions. In some cases (e.g.Irix audit_filters(5)) you may have to use a filtering mechanism. Casey Schaufler [EMAIL PROTECTED] -- redhat-lspp mailing list [EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-lspp
