author | rwatson <rwatson@FreeBSD.org> | 2006-02-06 22:50:39 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2006-02-06 22:50:39 +0000 |
commit | a1af4bcfbd3d8ae9e1489758061243e6b96bfcf4 (patch) | |
tree | 79dccf47f6dce13391a0e203fbf862d754fd31a5 /sys/security/audit/audit_private.h | |
parent | 64630e1791f8ce1be4b0faed295f2d33434d18f0 (diff) | |
Add support for audit pipe special devices, which allow user space
applications to insert a "tee" in the live audit event stream. Records
are inserted into a per-clone queue so that user processes can pull
discrete records out of the queue. Unlike delivery to disk, audit pipes
are "lossy", dropping records in low memory conditions or when the
process falls behind real-time events. This mechanism is appropriate
for use by live monitoring systems, host-based intrusion detection, etc.,
and avoids applications having to dig through active on-disk trails that
are owned by the audit daemon.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/audit/audit_private.h')
-rw-r--r-- | sys/security/audit/audit_private.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/security/audit/audit_private.h b/sys/security/audit/audit_private.h index 4d6d4b4..c23289f 100644 --- a/sys/security/audit/audit_private.h +++ b/sys/security/audit/audit_private.h @@ -297,4 +297,9 @@ void audit_shutdown(void *arg, int howto); void audit_rotate_vnode(struct ucred *cred, struct vnode *vp); +/* + * Audit pipe functions. + */ +void audit_pipe_submit(void *record, u_int record_len); + #endif /* ! _BSM_AUDIT_PRIVATE_H */ |
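Review bot: the new prototype `void audit_pipe_submit(void *record, u_int record_len);` in the "Audit pipe functions" block takes a non-const record pointer, and its comment says nothing about buffer ownership or dropped records. The commit message describes records being inserted into a per-clone queue, so if the function copies the record rather than retaining the caller's pointer, declaring the parameter as `const void *record` would make that contract visible to callers; the implementation is not part of this view (the diff is limited to audit_private.h), so confirm this against the .c file. Because the return type is void, a caller cannot tell whether a record was queued or dropped. That matches the "lossy" behaviour the commit message describes, but the block comment should state it, along with whether the function may sleep, so that later callers do not rely on the pipe for guaranteed delivery.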