README.auditd
1 Auditd Daemon
2
3 The audit daemon is a simplified version of its desktop
4 counterpart designed to gather the audit logs from the
5 audit kernel subsystem. The audit subsystem of the kernel
6 includes Linux Security Modules (LSM) messages as well.
7
8 To enable the audit subsystem, you must add this to your
9 kernel config:
10 CONFIG_AUDIT=y
11
12 To enable a LSM, you must consult that LSM's documentation, the
13 example below is for SELinux:
14 CONFIG_SECURITY_SELINUX=y
15
16 This does not include possible dependencies that may need to be
17 satisfied for that particular LSM.
18
README.property
1 The properties that logd responds to are:
2
3 name type default description
4 logd.auditd bool true Enable selinux audit daemon
5 logd.auditd.dmesg bool true selinux audit messages duplicated and
6 sent on to dmesg log
7 logd.statistics.dgram_qlen bool false Record dgram_qlen statistics. This
8 represents a performance impact and
9 is used to determine the platform's
10 minimum domain socket network FIFO
11 size (see source for details) based
12 on typical load (logcat -S to view)
13 persist.logd.size number 256K default size of the buffer for all
14 log ids at initial startup, at runtime
15 use: logcat -b all -G <value>
16 persist.logd.size.main number 256K Size of the buffer for the main log
17 persist.logd.size.system number 256K Size of the buffer for the system log
18 persist.logd.size.radio number 256K Size of the buffer for the radio log
19 persist.logd.size.event number 256K Size of the buffer for the event log
20 persist.logd.size.crash number 256K Size of the buffer for the crash log
21
22 NB:
23 - number support multipliers (K or M) for convenience. Range is limited
24 to between 64K and 256M for log buffer sizes. Individual logs override the
25 global default.
26