On Apr 18, Rick James wrote:
> It may be worth noting that McAfee chose not to use the audit plugin
> facility, instead picked the daemon plugin point. Sounds like the
> audit plugin point is not 'good enuf'.
1. There was no audit plugins in 5.1.
2. You certainly *do not* want to do it the way McAfee did. They
hot-patch the binary in memory. Nor we wanted to imply that this is
the only (or recommended) way of writing plugins.
3. Instead, McAfee should've tell what audit functionality they need,
and have the API extended. Because the API was intentionally written
very limited, as we planned to extend it on request. But because of
(1) - no audit in 5.1 - this last point is moot.
Indeed, as McAfee wrote a plugin for 5.1, there was not much of a