On 2007-05-25 03:22, Alexey Mikhailov <[EMAIL PROTECTED]> wrote:
> Hello!

Hi Alexey :)

> http://wiki.freebsd.org/DistributedAuditDaemon
> [...]
> Consider this picture ( Yes, I know that my ASCII art sucks :-) )
>
>  '----------------`                     '-----------------`
>  |                |     '---------`     | Client-specific |
>  | User-space app | <== | API [2] | ==> |     part of     |
>  |      [1]       |     `---------'     |   "dlogd" [3]   |
>  `----------------'                     `-----------------'
>                                                 ^^
>                                                 ||
>                                                 ||
>
>                                         (network level) [4]
>
>                                                 ||
>                                                 ||
>                                                 vv
>                                         '-----------------`
>  '===============`                      | Server-specific |
>  |  File system  |      <========       |     part of     |
>  | hierarchy [6] |                      |   "dlogd" [5]   |
>  `==============='                      `-----------------'
[...]
> [1] <=> [2]: Shared user-space library will encapsulate API.
> And I really want to keep real API simple. At this moment
> I'm going to have only one function that will mark log file
> as "to deliver" (i.e. dlogd_submit("/var/audit/whatever")).

It may be worth keeping the API simple by having only two calls:

    dlog_register("/var/audit/file");
    dlog_unregister("/var/audit/file");

Then dlogd can use kqueue to monitor the file itself, so you don't
need special calls/methods to notify it of new events arriving on
the file.

This is just an idea, and I haven't fully thought through all the
details of how a "flush" operation could be implemented if dlogd used
kqueue itself.

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
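Added example, not part of the original message or of any dlogd code: a sketch of the daemon-side bookkeeping that a register/unregister API backed by kqueue would need, written against Python's `select.kqueue` (available on FreeBSD, other BSDs and macOS only). `LogWatcher`, `read_new` and `poll` are hypothetical names; starting delivery at the current end of file and draining once more on unregister as a form of "flush" are assumptions, not something the thread settles.

```python
import os
import select  # select.kqueue exists only on FreeBSD, other BSDs and macOS

def read_new(fd, offset):
    """Return (data, new_offset) for bytes appended to fd since offset."""
    size = os.fstat(fd).st_size
    if size < offset:          # file was truncated: start over from the top
        offset = 0
    data = os.pread(fd, size - offset, offset)
    return data, offset + len(data)

class LogWatcher:
    """Hypothetical daemon-side state behind dlog_register/dlog_unregister."""

    def __init__(self):
        self.kq = select.kqueue()
        self.files = {}        # path -> [fd, offset of next undelivered byte]

    def register(self, path):
        fd = os.open(path, os.O_RDONLY)
        # Assumption: deliver only records written after registration.
        start = os.fstat(fd).st_size
        ev = select.kevent(fd, filter=select.KQ_FILTER_VNODE,
                           flags=select.KQ_EV_ADD | select.KQ_EV_CLEAR,
                           fflags=select.KQ_NOTE_WRITE | select.KQ_NOTE_EXTEND)
        self.kq.control([ev], 0, 0)
        self.files[path] = [fd, start]

    def unregister(self, path):
        """Stop watching; return unread bytes as a final flush (assumption)."""
        fd, offset = self.files.pop(path)
        data, _ = read_new(fd, offset)
        os.close(fd)           # closing the descriptor drops its kevent
        return data

    def poll(self, timeout=1.0):
        """Wait for writes; return {path: newly appended bytes}."""
        by_fd = {state[0]: path for path, state in self.files.items()}
        out = {}
        for ev in self.kq.control(None, 16, timeout):
            path = by_fd.get(ev.ident)
            if path is None:   # event for a file unregistered meanwhile
                continue
            state = self.files[path]
            data, state[1] = read_new(state[0], state[1])
            if data:
                out[path] = data
        return out
```

The offset tracking in `read_new` is what keeps an audit trail from being delivered twice or silently skipped when the watched file is truncated between events.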

