On Wednesday 24 May 2006 20:22, Leigh Purdie wrote:
> So, to rephrase my question slightly - is there a programmatic way to
> turn syscall=5 into syscall=execve that anyone can suggest?
OK, then libaudit has that function, audit_syscall_to_name(). There are
several factors that have to be considered to correctly interpret a syscall
name.
> WRT perl, I'm language agnostic. If there's better support for audit
> in python, I'll switch the code over.
Yes, there is better support for python right now. We've also written a
dispatcher used for real-time SE Linux event analysis using python. It grabs
the events as a dictionary and passes them on for analysis. I should be
releasing audit-1.2.3 today which improves python support a little bit more.
-Steve
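An added example, not code from this thread or from the audit package, illustrating one of the factors Steve alludes to: a syscall number only means something together with the arch= field of the same SYSCALL record, because the numbering differs per architecture (5 is open() on i386 but fstat() on x86_64; execve() is 11 on i386 and 59 on x86_64). The log lines and the syscall tables below are constructed, and the tables are a small subset for illustration; in real code the resolution is done by libaudit's audit_syscall_to_name(), which takes the machine type as its second argument for exactly this reason. The optional libaudit path assumes the python binding exposes audit_elf_to_machine() and audit_syscall_to_name() under those names.

```python
"""Resolve the syscall= field of an audit SYSCALL record to a name.

The number is only meaningful alongside the arch= field: the same value
names different syscalls on different architectures.
"""
import re

# Flag bits of the AUDIT_ARCH_* values that the kernel puts in arch=.
AUDIT_ARCH_64BIT = 0x80000000
AUDIT_ARCH_LE = 0x40000000
# ELF machine numbers carried in the low bits of arch=.
EM_386 = 3
EM_X86_64 = 62

# Constructed subset of the per-architecture syscall tables; the numbers
# are the real ones for these entries, but the tables are far from complete.
SYSCALL_NAMES = {
    "i386": {2: "fork", 3: "read", 4: "write", 5: "open", 6: "close", 11: "execve"},
    "x86_64": {0: "read", 1: "write", 2: "open", 3: "close", 5: "fstat",
               57: "fork", 59: "execve"},
}

# Constructed sample records: same syscall=5 / different arch, and an execve.
SAMPLE_I386 = ('type=SYSCALL msg=audit(1148508130.123:456): arch=40000003 '
               'syscall=5 success=yes exit=3 a0=bfd0f6d8 a1=0 a2=1b6 a3=0 '
               'items=1 ppid=1 pid=2345 auid=500 uid=0 gid=0 euid=0 '
               'comm="cat" exe="/bin/cat"')
SAMPLE_X86_64 = ('type=SYSCALL msg=audit(1148508131.321:457): arch=c000003e '
                 'syscall=59 success=yes exit=0 a0=7fff1234 a1=0 a2=0 a3=0 '
                 'items=2 ppid=2345 pid=2346 auid=500 uid=500 gid=500 '
                 'comm="bash" exe="/bin/bash"')

# key=value pairs; values may be double-quoted (comm, exe) or bare tokens.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Split one audit record into a dict of its key=value fields."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def machine_from_arch(arch_hex):
    """Decode the hex arch= field into an architecture name.

    The low 16 bits are the ELF machine number; the high bits say whether
    the syscall was made in 64-bit mode and whether the ABI is little-endian.
    """
    arch = int(arch_hex, 16)
    elf = arch & 0xFFFF
    is_64 = bool(arch & AUDIT_ARCH_64BIT)
    if elf == EM_386 and not is_64:
        return "i386"
    if elf == EM_X86_64 and is_64:
        return "x86_64"
    raise ValueError("unsupported arch value %s in this example" % arch_hex)


def syscall_name(fields):
    """Map the syscall= number of a parsed record to a name, per its arch=."""
    machine = machine_from_arch(fields["arch"])
    nr = int(fields["syscall"])
    return SYSCALL_NAMES[machine].get(nr, "unknown(%d)" % nr)


def syscall_name_libaudit(fields):
    """Same resolution through the python binding of libaudit.

    Assumption: the binding exposes audit_elf_to_machine() and
    audit_syscall_to_name() with the C signatures. Not used by the demo
    above, since the module is not installed everywhere.
    """
    import audit  # python-audit; only present on systems with libaudit
    machine = audit.audit_elf_to_machine(int(fields["arch"], 16))
    return audit.audit_syscall_to_name(int(fields["syscall"]), machine)


if __name__ == "__main__":
    for line in (SAMPLE_I386, SAMPLE_X86_64):
        f = parse_record(line)
        print("arch=%s syscall=%s -> %s (%s)" % (
            f["arch"], f["syscall"], syscall_name(f), f["comm"]))
```

The point to take from the two sample lines is that syscall=5 on i386 resolves to open(), not execve(), so any converter that ignores arch= will mislabel events from a mixed 32/64-bit host; a 32-bit binary on an x86_64 box still logs arch=40000003 and uses the i386 numbering.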