From: Matthew Booth
Subject: Announcing austream
Date: Wed, 12 Sep 2007 19:01:05 +0100
Message-ID: <1189620065.4764.39.camel@localhost.localdomain>
To: linux-audit

austream is a utility to stream audit logs to a remote host via syslog.
Its features are:

* Works on both auditd and laus (on laus it's a dispatcher)
* Messages sent immediately off-node
* Sends syslog packets directly, without going through syslogd
* Very low overhead, even at extreme volume (8,000 events/sec)

Tested platforms are RHEL 4 U4+ and RHEL 3 U8+.

There are a few caveats, though. Foremost is the fact that it's not a
dispatcher: it replaces auditd. This is because, to date, development has
been tightly focused on a single set of requirements.

It's still under development. Some bigger items on my todo list are:

* Message inspection to turn PATH records into absolute paths
* Limited output buffering
* Option to run as a dispatcher
* Host it somewhere

The git repository is available at git://heisenbug.com/austream.git.
Please have a look. Patches welcome.

To build:

    ./configure TARGET=(laus|auditd)
    make

or

    make rpm

If you build the auditd rpm, when it installs it will add itself to
/etc/inittab. Make sure you configure the destination in
/etc/sysconfig/austream before doing 'telinit q'.

Matt
-- 
Matthew Booth, RHCA, RHCSS
Red Hat, Global Professional Services
M: +44 (0)7977 267231
GPG ID: D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490