
List:       fedora-devel-list
Subject:    Re: Layering an IDS on Linux - prepwork
From:       Steve G <linux_4ever () yahoo ! com>
Date:       2007-08-06 0:30:54
Message-ID: 263878.50100.qm () web51506 ! mail ! re2 ! yahoo ! com


> It would even be nice if there was a "a program dumped core. Can I send a
> backtrace to the distro vendor?" program that would allow fedora (and others)
> to get statistical information about where the most common crashes happen.

That would be easy to add as a plugin to the audit event dispatcher. All it would
have to do is filter on the ANOM_ABEND event type and then do further analysis.
There is an example filter program here: /usr/share/doc/audit-1.5.6/skeleton.c
that could be used as the basis for this kind of tool. 

Right now the audit event dispatcher only supports one plugin. audispd is being
rewritten so that many plugins could be written besides setroubleshoot that do
realtime analysis of events.

-Steve


       


-- 
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

