On Tue, 20 May 2014 21:23:59 +0300
Ismail Yenigul <ismailyenigul(a)gmail.com> wrote:
> By the way, do you have a plan to use Solaris bsm style output? All
> info is stored in a single line in bsm output.
The simple answer, no. The design of the Linux audit system is
different than the Solaris audit system. The multiple lines come from
different parts of the kernel contributing what they know about the
syscall once it's been determined to be an event of interest.
> This is more human friendly output.
There are some plans to make the output easier to understand. It's just
that there are other problems that need fixing before work can start on
that.
-Steve
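
The multi-record layout discussed in this thread can be collapsed in post-processing, because every record belonging to one event carries the same `msg=audit(timestamp:serial)` identifier. The following is an added example, not part of the original message or the audit project's code; the log lines are constructed samples and the function names `group_events` and `flatten` are hypothetical.

```python
import re
from collections import OrderedDict

# Constructed sample records (not from a real system).
# Records of the two events are deliberately interleaved.
SAMPLE = """\
type=SYSCALL msg=audit(1400610239.123:4567): arch=c000003e syscall=2 success=yes exit=3 pid=1234 uid=0 comm="cat" exe="/bin/cat" key="passwd-read"
type=SYSCALL msg=audit(1400610240.500:4568): arch=c000003e syscall=59 success=yes exit=0 pid=1240 uid=0 comm="ls" exe="/bin/ls" key=(null)
type=CWD msg=audit(1400610239.123:4567): cwd="/root"
type=PATH msg=audit(1400610239.123:4567): item=0 name="/etc/passwd" inode=131 nametype=NORMAL
type=PATH msg=audit(1400610240.500:4568): item=0 name="/bin/ls" inode=77 nametype=NORMAL
"""

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def group_events(text):
    """Return {(timestamp, serial): [(record_type, {field: value}), ...]}."""
    events = OrderedDict()
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # skip anything that is not an audit record
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        events.setdefault((ts, int(serial)), []).append((rtype, fields))
    return events

def flatten(event_id, records):
    """Render one event as a single line, prefixing fields with the record type."""
    ts, serial = event_id
    parts = [f"event={ts}:{serial}"]
    for rtype, fields in records:
        # PATH records can repeat within one event; item= keeps them distinct.
        tag = f"{rtype}{fields['item']}" if "item" in fields else rtype
        parts += [f"{tag}.{k}={v}" for k, v in fields.items() if k != "item"]
    return " ".join(parts)

if __name__ == "__main__":
    for eid, recs in group_events(SAMPLE).items():
        print(flatten(eid, recs))
```

Grouping on the identifier rather than on line adjacency matters because records from concurrent events can be interleaved in the log.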