freebsd security - Sep 2008 - Missing /dev/auditpipe

Hello,

Running RELENG_7 (and HEAD too), and I can't find the auditpipe device. 
Is there anything which should be set in order to make it useable?

auditd runs and logs to /var/audit, which I can read with praudit.

Thanks,

On Thu, 25 Sep 2008, Attila Nagy wrote:
> Running RELENG_7 (and HEAD too), and I can't find the auditpipe device.
Is
> there anything which should be set in order to make it useable?
>
> auditd runs and logs to /var/audit, which I can read with praudit.
(Following up to the list because Attila and I exchanged e-mail offline)

The problem here was that /dev/auditpipe is cloning, so it doesn't exist
until
you try to open it.  In FreeBSD 8.x, and possibly 7.2, we're moving to the
new
per-cdev private data so that /dev/auditpipe will always exist supporting 
multiple session, and there won't be a series of dynamicall created devices,
but that's not ready to hit a release yet.

Robert N M Watson
Computer Laboratory
University of Cambridge