[patches] Implement mode=forward in audisp-remote
Hello,
the attached patch series implements the store-and-forward mode in audisp-remote.
In mode=forward, as audisp-remote receives audit records, it automatically writes them to
a local file. Therefore neither an unexpected termination of audisp-remote nor problems
with the remote server can cause loss of the audit records, and audisp-remote will try to
resend all of the pending records before sending any later received audit record, or after
restarting audisp-remote. (Note that loss of audit records is still possible in other
cases, e.g. when the system crashes before the records are received by audisp-remote, or
when the local queue file is corrupted.)
Detailed description of the approach is included in the individual patches.
Mirek
Attachments:
- 10-split-dequeue.obj (application/octet-stream — 1.9 KB)
- 09-use-persistent-queue.obj (application/octet-stream — 5.6 KB)
- 08-config-persistence.obj (application/octet-stream — 7.1 KB)
- 07-implement-persistent-queue.obj (application/octet-stream — 26.6 KB)
- 06-drop-increase_queue_depth.obj (application/octet-stream — 1.2 KB)
- 05-decouple-do_overflow_action.obj (application/octet-stream — 4.9 KB)
- 04-use-make-dependencies.obj (application/octet-stream — 619 bytes)
- 03-fix-config-mode-type.obj (application/octet-stream — 479 bytes)
- 02-fix-leak-on-input-error.obj (application/octet-stream — 423 bytes)
- 01-dont-discard-data.obj (application/octet-stream — 747 bytes)
- 13-flush-queue-on-startup.obj (application/octet-stream — 2.0 KB)
- 12-fold-old-queue-interface.obj (application/octet-stream — 6.0 KB)
- 11-drop-event_t.obj (application/octet-stream — 3.4 KB)