In short, my question is: my program depends on audispd to dispatch audit messages, for security&#39;s sake, when audispd is killed, how can I know it happened in time in order to restart audispd?<div><br></div><div>Thanks.<br><br>On Tuesday, January 5, 2016, Steve Grubb &lt;<a href="mailto:sgrubb@redhat.com">sgrubb@redhat.com</a>&gt; wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Tuesday, January 05, 2016 06:08:54 PM Matthew Chao wrote:<br>
&gt; &gt;&quot;You can watch audispd, but I don&#39;t think that will help anything.<br>
&gt;<br>
&gt; my program totally depends on audispd to dispatch audit messages. I think<br>
&gt; audispd need more robust mechanisms to monitor itself killed, otherwise<br>
&gt; which inevitably leads to that audispd&#39; plugins receive nothing but always<br>
&gt; wait wait wait for event messages.<br>
&gt;<br>
&gt; So are there some alternative ways to monitor audispd killed in audit<br>
&gt; ver1.8 ?<br>
<br>
To help you, I need to know more about what the actual problem is that you are<br>
trying to solve. Would you like to explain the problem so we can help figure<br>
out how to address it?<br>
<br>
Thanks,<br>
-Steve<br>
</blockquote></div>