Events lost with dispatcher

Wednesday, 31 March 2010

Hi,

I having troubles receiving events with the dispatcher in ubuntu-9.04.

I am just trying to use the rule
-a entry, always -S execve -S exit_group
I receive all the events in the audit.log, but not in the dispatcher.
I am using the dispatcher code in the auditd website.

I also using two threads where in one thread collects all the data and  
the other thread does the parsing.
So there is no blocking and the queue is an unbounded concurrent queue.
I don't think there can't anything else done at the receiving end.

If anyone has faced something similar or have suggestions, please let  
me know

Thanks
Vish

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Events lost with dispatcher