Re: [PATCH] [AUDIT] Fix ANOM_PROMISCUOUS message format

On Thu, 2008-01-10 at 12:41 -0500, Steve Grubb wrote: > On Thursday 10 January 2008 12:25:23 Klaus Heinrich Kiwi wrote: > > Steve, as we talked earlier through IRC, ausearch/aureport are > > expecting the kernel anomalies messages to have auid= uid= gid= fields > > (in this order). This quick patch changes the ANOM_PROMISCUOUS message > > to the correct format (as already used by ANOM_ABEND). > > Thanks, would you mind making 2 changes to this? Add a test for > audit_enabled being true before calling audit_log...a long standing > oversight. And add a field at the end "res=1" since this doesn't appear > to be able to fail. I'm trying to get result fields in all events. Will do. Would you like something related to disabling this message when Xen in enabled?