Provided by: tomoyo-tools_2.4.0-20111025-3_amd64
tomoyo-auditd - access request logs recording daemon for TOMOYO Linux
tomoyo-auditd
tomoyo-auditd <remote_ip:remote_port>
This program reads access request logs from the kernel and writes to the location(s) specified in the configuration file. By running this program at startup, access request logs for all or selected domains can be stored to aid in system administration. The format of these logs is similar to domain policy so they can be used to aid in the development of policy.

The writing of these logs is controlled by rules defined in /etc/tomoyo/tools/auditd.conf. If an access request log matches a rule, then it will be written to the specified file. This can be used to split access request logs into multiple files to make administration easier. Only the first matching rule is used, so any single access request log will be written to a maximum of one output file. If the access request log does not match any rules, it will be discarded.
<remote_ip:remote_port> Retrieve access request logs via an agent connected to the specified IP address and port number.
Discard all granted logs:

    header.contains granted=yes
    destination /dev/null

Write access request logs from Apache and its descendent domains to /var/log/tomoyo/apache.log:

    domain.starts <kernel> /usr/sbin/httpd
    destination /var/log/tomoyo/apache.log
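The first-match behaviour described above, applied to the two example rules in that order. This is an added sketch, not code from tomoyo-tools. The record layout (a "header" and a "domain" text per log entry), the sample records and all function names are assumptions made for illustration.

```python
# Added illustration of first-match routing; not tomoyo-auditd's own code.
# Assumption: a record exposes "header" and "domain" text, and a rule is a
# run of "<field>.<operator> <value>" lines closed by a "destination" line.
def parse_rules(text):
    """Return a list of (conditions, destination) in file order."""
    rules, conds = [], []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank, comment or malformed line
        key, value = parts[0], parts[1].strip()
        if key == "destination":
            rules.append((conds, value))
            conds = []
        else:
            field, _, op = key.partition(".")
            conds.append((field, op, value))
    return rules

def matches(record, cond):
    field, op, value = cond
    text = record.get(field, "")
    if op not in ("contains", "starts"):
        raise ValueError("operator not modelled here: " + op)
    return value in text if op == "contains" else text.startswith(value)

def route(record, rules):
    """Destination of the first matching rule, or None when discarded."""
    for conds, dest in rules:
        if all(matches(record, c) for c in conds):
            return dest
    return None

CONF = """\
header.contains granted=yes
destination /dev/null
domain.starts <kernel> /usr/sbin/httpd
destination /var/log/tomoyo/apache.log
"""
# Constructed sample records (simplified, not captured from a real system).
SAMPLES = {
    "httpd granted": {"header": "granted=yes", "domain": "<kernel> /usr/sbin/httpd"},
    "httpd denied": {"header": "granted=no", "domain": "<kernel> /usr/sbin/httpd /bin/sh"},
    "sshd denied": {"header": "granted=no", "domain": "<kernel> /usr/sbin/sshd"},
}

def route_samples():
    return {name: route(rec, parse_rules(CONF)) for name, rec in SAMPLES.items()}
```

With only these two rules, the denied sshd request matches nothing and is discarded, so a rule set meant to retain denials needs a rule that covers every domain of interest.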
This program should be started from the appropriate stage during startup, for example in /etc/rc.local.
If there are any bugs, send an email with as much detail as possible to tomoyo-users- email@example.com
Main authors:
· Tetsuo Handa <penguin-kernel AT I-love.SAKURA.ne.jp>
Other contributors:
· Jamie Nguyen <jamie AT tomoyolinux.co.uk> Man pages, documentation and website.
tomoyo-editpolicy-agent(8)
See http://tomoyo.sourceforge.jp/ for more information.