datastructures sent by auditSubsystem to audit daemon - Linux-audit - Linux-Audit List Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

datastructures sent by auditSubsystem to audit daemon

Re: [PATCH, v3 1/8]...

audit event parsing library

Abhishek Gupta

Thursday, 13 December 2007 Thu, 13 Dec '07

2:23 a.m.

Which are the specific datastructures(containing various fields such as events,etc) that is sent by auditSubsystem to audit daemon? And in which file they are present..

Attachments:

attachment.html (text/html — 176 bytes)

Reply

Show replies by date

Steve Grubb

Thursday, 13 December Thu, 13 Dec

5:35 a.m.

On Thursday 13 December 2007 03:23:34 Abhishek Gupta wrote:

Which are the specific datastructures(containing various fields such as events,etc) that is sent by auditSubsystem to audit daemon?

Its not a data structure. The kernel sends a text string to the audit daemon via the netlink interface. The audit daemon takes the message type number and looks it up to get the text string for that type and substitutes that when it writes to disk so that its a little more friendly to view.

And in which file they are present..

Typically, they are written to /var/log/audit/audit.log. You can see the messages there and they are basically unaltered. -Steve

Reply

6219

days inactive

6219

days old

linux-audit@lists.linux-audit.osci.io

Manage subscription

1 comments

2 participants

tags (0)

participants (2)

Abhishek Gupta
Steve Grubb