Add a plugin

Add a plugin

[Adan]

[-- Attachment #1.1: Type: text/plain, Size: 706 bytes --]

Hello everyone,
 I want to add a plugin.
 I now konw how to debug with the command 
  * ausearch --start today --raw > test.log.
 *
 * Then you can test this app by: cat test.log | ./audisp-example
 Right now , I want to add it to the audit project to make it response to the event at the same time.
 What should I do?
  
 I really need your help,since I donot know how it pass a record to the plugin.
  
  
  ------------------
     祝
      身体健康，工作愉快！
                                      陈洁丹
  
 -----------------------------
 陈洁丹   北京邮电大学软件学院
 地 址：  北京邮电大学学二D12寝室
 邮 编：  100876
 Email:   buptsse@qq.com
 ---------------------------------

[-- Attachment #1.2: Type: text/html, Size: 2233 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

Re: Add a plugin

[Steve Grubb]

On Wednesday 23 December 2009 02:58:13 am Adan wrote:
>  Right now , I want to add it to the audit project to make it response to
>  the event at the same time. What should I do?

You need to take this file:

https://fedorahosted.org/audit/browser/trunk/contrib/plugin/audisp-example.conf

Fill it out with the path to your executable and set active to yes.
Then install it to /etc/audisp/plugins.d/  and restart the audit daemon.
You should be able to do a "ps -ef" and see your plugin is running.
The location that your plugin installs to should probably be /sbin
and if your plugin needs a configuration file, it could be located
anywhere inside /etc. I generally choose /etc/audisp for SE Linux
reasons, but you can put it anywhere.

-Steve