From mboxrd@z Thu Jan  1 00:00:00 1970
From: Kevin Boyce <kevin.boyce@ngc.com>
Subject: Audit Dispatcher
Date: Mon, 25 Feb 2008 15:56:15 -0500
Message-ID: <1203972975.5209.24.camel@pc070168.northgrum.com>
Reply-To: kevin.boyce@ngc.com
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0040036007=="
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m1PKute5007624
	for <linux-audit@redhat.com>; Mon, 25 Feb 2008 15:56:55 -0500
Received: from xmrm0101.northgrum.com (xmrm0101.northgrum.com
	[155.104.240.104])
	by mx3.redhat.com (8.13.8/8.13.8) with ESMTP id m1PKuMur002422
	for <linux-audit@redhat.com>; Mon, 25 Feb 2008 15:56:22 -0500
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com


--===============0040036007==
Content-Type: multipart/alternative; boundary="=-Hi/Ej2sP5kSDqSernQ0s"


--=-Hi/Ej2sP5kSDqSernQ0s
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

All,

Is there any recommended audit dispatcher for the the RHEL audit daemon?

Thanks,
Kevin Boyce
Northrop Grumman Corp.

--=-Hi/Ej2sP5kSDqSernQ0s
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
  <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
  <META NAME="GENERATOR" CONTENT="GtkHTML/3.12.2">
</HEAD>
<BODY>
All,<BR>
<BR>
Is there any recommended audit dispatcher for the the RHEL audit daemon?<BR>
<BR>
Thanks,<BR>
Kevin Boyce<BR>
Northrop Grumman Corp.
</BODY>
</HTML>

--=-Hi/Ej2sP5kSDqSernQ0s--


--===============0040036007==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============0040036007==--

From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: Re: Audit Dispatcher
Date: Mon, 25 Feb 2008 16:05:30 -0500
Message-ID: <200802251605.30863.sgrubb@redhat.com>
References: <1203972975.5209.24.camel@pc070168.northgrum.com>
Mime-Version: 1.0
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <1203972975.5209.24.camel@pc070168.northgrum.com>
Content-Disposition: inline
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com, kevin.boyce@ngc.com
List-Id: linux-audit@redhat.com

On Monday 25 February 2008 15:56:15 Kevin Boyce wrote:
> Is there any recommended audit dispatcher for the the RHEL audit daemon?

In the 5.2 update we are switching from the python based dispatcher (audit 
1.4.1 era) to an improved C based multi-threaded dispatcher (roughly current 
with 1.6.8's). I will probably be backporting the same dispatcher to RHEL4.7.

There very well could be other 3rd party dispatchers out there, but I don't 
know where you would find them and I have not tested them. Also, the 
dispatcher needs SE Linux policy updates since auditd_t is a confined domain. 
So, a third party dispatcher has that hurdle to jump over, too.

-Steve