From mboxrd@z Thu Jan 1 00:00:00 1970 From: Vishwanath Venkatesan Subject: Events lost with dispatcher Date: Wed, 31 Mar 2010 15:07:59 -0400 Message-ID: <28B815FA-A40A-4864-8268-79FA1D5223C6@gmail.com> Mime-Version: 1.0 (Apple Message framework v936) Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes" Content-Transfer-Encoding: 7bit Return-path: Received: from mx1.redhat.com (ext-mx07.extmail.prod.ext.phx2.redhat.com [10.5.110.11]) by int-mx05.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id o2VJ8DtT006033 for ; Wed, 31 Mar 2010 15:08:13 -0400 Received: from serrano.cc.columbia.edu (serrano.cc.columbia.edu [128.59.29.6]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o2VJ80Uj005954 for ; Wed, 31 Mar 2010 15:08:00 -0400 Received: from dhcp29.cs.columbia.edu (dhcp29.cs.columbia.edu [128.59.19.229]) (user=vv2178 mech=PLAIN bits=0) by serrano.cc.columbia.edu (8.14.3/8.14.3) with ESMTP id o2VJ7xgs013527 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT) for ; Wed, 31 Mar 2010 15:08:00 -0400 (EDT) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: linux-audit@redhat.com List-Id: linux-audit@redhat.com Hi, I having troubles receiving events with the dispatcher in ubuntu-9.04. I am just trying to use the rule -a entry, always -S execve -S exit_group I receive all the events in the audit.log, but not in the dispatcher. I am using the dispatcher code in the auditd website. I also using two threads where in one thread collects all the data and the other thread does the parsing. So there is no blocking and the queue is an unbounded concurrent queue. I don't think there can't anything else done at the receiving end. If anyone has faced something similar or have suggestions, please let me know Thanks Vish