From mboxrd@z Thu Jan 1 00:00:00 1970 From: Steve Grubb Subject: Re: About "tcp_client_max_idle" in /etc/audit/auditd.conf Date: Fri, 26 Dec 2008 07:47:53 -0500 Message-ID: <200812260747.54325.sgrubb@redhat.com> References: <003101c96728$adde4e70$958da70a@truly> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Return-path: In-Reply-To: <003101c96728$adde4e70$958da70a@truly> Content-Disposition: inline List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Chu Li Cc: linux-audit@redhat.com List-Id: linux-audit@redhat.com On Friday 26 December 2008 02:07:56 am Chu Li wrote: > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0When reading manpage of audit= d.conf, I found "heartbeat" in the > explanation of " tcp_client_max_idle". But in the manpage of > audisp-remote.conf there is no description about it.=20 I think it was assumed that an admin that is setting this up will read bo= th=20 man pages since both ends need some adjustments. > How to use "tcp_client_max_idle" and what is "heartbeat"? This is a message being passed back and forth so that each end knows the = other=20 is still alive. If one end segfaults, for example, it won't send a tcp cl= ose=20 and the connection can linger for a while. This lets each end decide that= the=20 other is not working properly and then take admin selected actions. > What will happen if "tcp_client_max_idle" and "heartbeat" is not set as > zero? Then it will perform the heart beat protocol with the max idle seconds be= ing=20 the deciding factor. I can add some explanation to the man pages. -Steve