From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Subject: Re: audisp-prelude problems
Date: Wed, 3 Dec 2008 12:34:11 -0500
Message-ID: <200812031234.11638.sgrubb@redhat.com>
In-Reply-To: <1228324666.14768.131.camel@homeserver>

On Wednesday 03 December 2008 12:17:46 LC Bruzenak wrote:
> MY favorite: ask Steve how to make the aggregating side flexible in
> this regard.

Why did I know this was coming?  :)


> We may need a BZ filed or a consensus about what is important on this list. I
> also would like a separation based on time to allow for an easier
> archive/restore capability

There is a cron script shipped but not installed that can do the right thing.


> ...and maybe that built in if possible! Separation based on node is also a
> potential "good thing".

The main problem is that once it's separated, ausearch/report don't know how to
put it back together again. The current algorithm is a simple number index and
ausearch, aureport, and even auparse know how to find the files in the right
order to make sense of it.

-Steve
