On Friday 09 September 2005 11:31, Linda Knippers wrote:
> I also think there's too much duplicate information in the audit records
> today with a lot of the same information in the watch records and in the
> syscall records that caused the watch records to be emitted.

True.

> Are there cases where a watch record is appropriate by itself without a
> syscall record?

Not that I know of. You need the subject and the outcome.

> If not, then we could pull a lot of the information out of the watch record
> since the same information is available in the syscall records.

This is what I would like to do.

> Can streamlining the audit information be looked at as part of this
> activity or should it be a separate effort?

I think this is separate. We could streamline today and then the new code
picks up those changes.

-Steve