* Getting events on unix socket
@ 2015-07-29 18:29 Satish Chandra Kilaru
2015-07-30 15:51 ` Steve Grubb
0 siblings, 1 reply; 3+ messages in thread
From: Satish Chandra Kilaru @ 2015-07-29 18:29 UTC (permalink / raw)
To: linux-audit@redhat.com
[-- Attachment #1.1: Type: text/plain, Size: 530 bytes --]
I would like to receive events on unix socket in binary format.
There is already another program that is reading events from unix socket in
string format.
I created another config file as below...
active = yes
direction = out
path = builtin_af_unix
type = builtin
args = 0640 /var/run/satish_events
format = binary
In my test program I am reading events from the socket
/var/run/satish_events
Surprisingly I see events in string format as well as binary format.
Is it by design or a bug?
--
Please Donate to www.wikipedia.org
[-- Attachment #1.2: Type: text/html, Size: 810 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Getting events on unix socket
2015-07-29 18:29 Getting events on unix socket Satish Chandra Kilaru
@ 2015-07-30 15:51 ` Steve Grubb
2015-07-30 15:58 ` Satish Chandra Kilaru
0 siblings, 1 reply; 3+ messages in thread
From: Steve Grubb @ 2015-07-30 15:51 UTC (permalink / raw)
To: linux-audit
On Wednesday, July 29, 2015 02:29:23 PM Satish Chandra Kilaru wrote:
> I would like to receive events on unix socket in binary format.
> There is already another program that is reading events from unix socket in
> string format. I created another config file as below...
>
> active = yes
> direction = out
> path = builtin_af_unix
> type = builtin
> args = 0640 /var/run/satish_events
> format = binary
>
> In my test program I am reading events from the socket
> /var/run/satish_events
> Surprisingly I see events in string format as well as binary format.
>
> Is it by design or a bug?
I'd have to check. I don't think it was intended to run more than one
instance. What is better, though, is to write the plugin to just read stdin.
-Steve
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Getting events on unix socket
2015-07-30 15:51 ` Steve Grubb
@ 2015-07-30 15:58 ` Satish Chandra Kilaru
0 siblings, 0 replies; 3+ messages in thread
From: Satish Chandra Kilaru @ 2015-07-30 15:58 UTC (permalink / raw)
To: Steve Grubb; +Cc: linux-audit@redhat.com
[-- Attachment #1.1: Type: text/plain, Size: 1055 bytes --]
Thank you.
reading from stdin works. However, my program runs as a thread in a daemon
that does many other things. I cannot use stdin.
--Satish
On Thu, Jul 30, 2015 at 11:51 AM, Steve Grubb <sgrubb@redhat.com> wrote:
> On Wednesday, July 29, 2015 02:29:23 PM Satish Chandra Kilaru wrote:
> > I would like to receive events on unix socket in binary format.
> > There is already another program that is reading events from unix socket
> in
> > string format. I created another config file as below...
> >
> > active = yes
> > direction = out
> > path = builtin_af_unix
> > type = builtin
> > args = 0640 /var/run/satish_events
> > format = binary
> >
> > In my test program I am reading events from the socket
> > /var/run/satish_events
> > Surprisingly I see events in string format as well as binary format.
> >
> > Is it by design or a bug?
>
> I'd have to check. I don't think it was intended to run more than one
> instance. What is better, though, is to write the plugin to just read
> stdin.
>
> -Steve
>
--
Please Donate to www.wikipedia.org
[-- Attachment #1.2: Type: text/html, Size: 1700 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-07-30 15:58 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-07-29 18:29 Getting events on unix socket Satish Chandra Kilaru
2015-07-30 15:51 ` Steve Grubb
2015-07-30 15:58 ` Satish Chandra Kilaru
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.