OpenSuSE Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help 
x SuSE Linux 13.1-RELEASE x
x SuSE Linux 13.1-RELEASEx
AUDISPD.CONF:(5)        System Administration Utilities       AUDISPD.CONF:(5)

NAME
       audispd.conf - the audit event dispatcher configuration file

DESCRIPTION
       audispd.conf  is  the file that controls the configuration of the audit
       event dispatcher. The options that are available are as follows:

       q_depth
              This is a numeric value that tells how big to make the  internal
              queue of the audit event dispatcher. A bigger queue lets it han-
              dle a flood of events better, but could hold events that are not
              processed  when the daemon is terminated. If you get messages in
              syslog about events getting dropped, increase  this  value.  The
              default value is 80.

       overflow_action
              This  option determines how the daemon should react to overflow-
              ing its internal queue. When this happens, it  means  that  more
              events  are  being  received  than it can get rid of. This error
              means that it is going to lose the current event its  trying  to
              dispatch. It has the following choices: ignore, syslog, suspend,
              single, and halt.  If set to  ignore,  the  audisp  daemon  does
              nothing.   syslog  means that it will issue a warning to syslog.
              suspend will cause the audisp daemon to stop processing  events.
              The daemon will still be alive. The single option will cause the
              audisp daemon to put the computer system in  single  user  mode.
              halt  option  will  cause the audisp daemon to shutdown the com-
              puter system.

       priority_boost
              This is a non-negative number that tells the  audit  event  dis-
              patcher  how much of a priority boost it should take. This boost
              is in addition to the boost provided from the audit daemon.  The
              default is 4. No change is 0.

       max_restarts
              This  is  a  non-negative number that tells the audit event dis-
              patcher how many times it can try to restart a  crashed  plugin.
              The default is 10.

       name_format
              This  option  controls how computer node names are inserted into
              the audit event stream. It  has  the  following  choices:  none,
              hostname,  fqd,  numeric, and user.  None means that no computer
              name is inserted into the audit event.   hostname  is  the  name
              returned by the gethostname syscall. The fqd means that it takes
              the hostname and resolves it with  dns  for  a  fully  qualified
              domain  name  of that machine.  Numeric is similar to fqd except
              it resolves the IP address of the machine.   User  is  an  admin
              defined string from the name option. The default value is none.

       name   This  is the admin defined string that identifies the machine if
              user is given as the name_format option.

SEE ALSO
       audispd(8)

Red Hat                            Jan 2008                   AUDISPD.CONF:(5)

Want to link to this manual page? Use this URL:
<http://star2.abcm.com/cgi-bin/bsdi-man?query=audispd.conf&sektion=5&manpath=>

home | help