audispd.conf man page on YellowDog

Man page or keyword search:  
man Server   18644 pages
apropos Keyword Search (all sections)
Output format
YellowDog logo
[printable version]

AUDISPD.CONF:(5)	System Administration Utilities	      AUDISPD.CONF:(5)

NAME
       audispd.conf - the audit event dispatcher configuration file

DESCRIPTION
       audispd.conf  is	 the file that controls the configuration of the audit
       event dispatcher. The options that are available are as follows:

       q_depth
	      This is a numeric value that tells how big to make the  internal
	      queue of the audit event dispatcher. A bigger queue lets it han‐
	      dle a flood of events better, but could hold events that are not
	      processed	 when the daemon is terminated. If you get messages in
	      syslog about events getting dropped, increase  this  value.  The
	      default value is 80.

       overflow_action
	      This  option determines how the daemon should react to overflow‐
	      ing its internal queue. When this happens, it  means  that  more
	      events  are  being  received  than it can get rid of. This error
	      means that it is going to lose the current event its  trying  to
	      dispatch. It has the following choices: ignore, syslog, suspend,
	      single, and halt.	 If set to  ignore,  the  audisp  daemon  does
	      nothing.	 syslog	 means that it will issue a warning to syslog.
	      suspend will cause the audisp daemon to stop processing  events.
	      The daemon will still be alive. The single option will cause the
	      audisp daemon to put the computer system in  single  user	 mode.
	      halt  option  will  cause the audisp daemon to shutdown the com‐
	      puter system.

       priority_boost
	      This is a non-negative number that tells the  audit  event  dis‐
	      patcher  how much of a priority boost it should take. This boost
	      is in addition to the boost provided from the audit daemon.  The
	      default is 4. No change is 0.

       name_format
	      This  option  controls how computer node names are inserted into
	      the audit event stream. It  has  the  following  choices:	 none,
	      hostname,	 fqd,  numeric, and user.  None means that no computer
	      name is inserted into the audit event.   hostname	 is  the  name
	      returned by the gethostname syscall. The fqd means that it takes
	      the hostname and resolves it with	 dns  for  a  fully  qualified
	      domain  name  of that machine.  Numeric is similar to fqd except
	      it resolves the IP address of the machine.   User	 is  an	 admin
	      defined string from the name option. The default value is none.

       name   This  is the admin defined string that identifies the machine if
	      user is given as the name_format option.

SEE ALSO
       audispd(8)

Red Hat				   Jan 2008		      AUDISPD.CONF:(5)
[top]

List of man pages available for YellowDog

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net