#! /bin/sh

if [ "$1" = "--version" ]
then
cat << EOF
ccs-auditd 1.8.0

Copyright (C) 2005-2010 NTT DATA CORPORATION.

This program is free software; you may redistribute it under the terms of
the GNU General Public License. This program has absolutely no warranty.
EOF
elif [ "$1" = "--help" ]
then
cat << EOF
Usage: ccs-auditd [remote_ip:remote_port]

This program reads access request logs from kernel and writes to specified location.

By running this program upon startup, you can save access logs in domain_policy file's format.

 remote_ip:remote_port  Get audit logs via agent listening at specified IP address and port number.

Rules are defined in /etc/ccs/tools/auditd.conf . Only first matching rule is used. If none matched, the audit log will be discarded.

Examples:

 # discard all granted logs.

 header.contains granted=yes

 destination /dev/null

 # write audit logs from Apache and its descendent domains to /var/log/tomoyo/apache.log .

 domain.starts <kernel> /usr/sbin/httpd

 destination /var/log/tomoyo/apache.log

EOF
else
cat << EOF | help2man -i - -N -s 8 -n "TOMOYO Linux's auditing daemon" $0 | gzip -9 > man8/ccs-auditd.8.gz
[NOTES]

 Start this program from appropriate stage such as /etc/rc.local .

[SEE ALSO]

 ccs-editpolicy-agent (8)

[AUTHORS]

 penguin-kernel _at_ I-love.SAKURA.ne.jp

EOF
fi
exit 0
