Audit Subsystem Documentation

Wednesday, 27 September 2006

Where can I find documentation regarding the underlying audit subsystem within the Linux
kernel? 
Specifically, the protocol docs for NETLINK_AUDIT, so that I may query the subsystem from
any sort
of language that supports NETLINK socket communication.

Does such documentation even exist?  If not, could somebody provide me with samples or a
basic
idea/flow of how it all works?  I'd be willing to write it all down for public viewing
if it
hasn't yet been done and if someone can get me started.

Thanks,
Azrael

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004