SYNOPSIS

tomoyo-auditd

tomoyo-auditd [remote_ip:remote_port]

DESCRIPTION

This program reads access request logs from the kernel and writes them to the locations specified in the configuration file. By running this program at startup, access request logs for either all domains or selected domains can be stored.

The format of the stored logs is similar to domain policy, so they can be used to help develop policy.

Configure this daemon in /etc/tomoyo/tools/auditd.conf. If an access request matches a rule, it will be written to the specified log file. This can be used to split access request logs into multiple files. Only the first matching rule is used, so any single access request log will be written to a maximum of one output file. If an access request log does not match any rules, it will be discarded.
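
The first-match behaviour described above, as an added example (not part of tomoyo-auditd or its documentation): a simplified Python model showing how rule order decides which file receives a log and which logs are discarded. The rule representation, the log lines and the file paths are constructed for illustration and are not auditd.conf syntax.

```python
# Simplified model of the routing described above: rules are tried in order,
# the first match picks the output file, an unmatched log is discarded.
# ASSUMPTION: the (substrings, destination) rule shape is hypothetical and
# is NOT auditd.conf syntax; logs and paths below are constructed samples.

DISCARD = None

def route(rules, log):
    """Return the destination of the first rule whose substrings all occur in log."""
    for needles, destination in rules:
        if all(n in log for n in needles):
            return destination
    return DISCARD

def audit_rules(rules, logs):
    """Route each log once; return per-file counts, discarded logs, unused files."""
    counts = {dest: 0 for _, dest in rules}
    discarded = []
    for log in logs:
        dest = route(rules, log)
        if dest is DISCARD:
            discarded.append(log)
        else:
            counts[dest] += 1
    unused = [dest for dest, n in counts.items() if n == 0]
    return counts, discarded, unused

# Constructed single-line stand-ins for access request logs.
LOGS = [
    "profile=3 granted=no <kernel> /usr/sbin/httpd file read /etc/shadow",
    "profile=3 granted=no <kernel> /usr/sbin/sshd file write /etc/passwd",
    "profile=1 granted=yes <kernel> /usr/sbin/sshd file read /etc/hosts",
]

GENERAL = (["granted=no"], "/var/log/tomoyo/reject.log")
HTTPD = (["granted=no", "/usr/sbin/httpd"], "/var/log/tomoyo/reject_httpd.log")

BROAD_FIRST = [GENERAL, HTTPD]     # the httpd rule can never be reached
SPECIFIC_FIRST = [HTTPD, GENERAL]  # the httpd denial gets its own file

if __name__ == "__main__":
    for name, rules in (("broad first", BROAD_FIRST), ("specific first", SPECIFIC_FIRST)):
        counts, discarded, unused = audit_rules(rules, LOGS)
        print(name, counts, "discarded:", len(discarded), "unused:", unused)
```

In both orderings the granted=yes log matches no rule and is dropped, so a rule set should be checked against representative logs before relying on it as the only record.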

Start this program from an appropriate stage during startup (e.g. /etc/rc.local).

OPTIONS

remote_ip:remote_port

Retrieve access request logs from a remote system via an agent, connecting to the specified IP address and port number.

BUGS

If you find any bugs, send an email to <[email protected]>.

AUTHORS

Tetsuo Handa <[email protected]>

Main author.

Jamie Nguyen <[email protected]>

Documentation and website.

RELATED TO tomoyo-auditd…

tomoyo-editpolicy-agent(8)

See <http://tomoyo.sourceforge.jp> for more information.