Re: Audit log Fields

Thursday, 11 February 2016

Sowndarya,

Are you are asking how do you propose another public field name to be
added to the list in
https://people.redhat.com/sgrubb/audit/audit-events.txt ?

If so, I'd suggest you provide

a. Proposed field name
b. Description of it's content.
c. Describe how it's going to be used.

The list can then make comment and/or provide advice.

Steve,

Perhaps we could update the above document to advise users what they
should offer in such a proposal.

Perhaps further, we could offer a generic solution on how one could
define a 'non-public' field name. That is, a 'non-public' field is one
which could not, via it's nomenclature, conflict with a current or
future 'public' (aka published) field name. Such non-public fields could
then be used by capability that only needs the audit source and audit
consumer to be aware of the field.

Hopefully I am not reading too much into the original request.

Regards

On Thu, 2016-02-11 at 18:07 +0530, Sowndarya K wrote:
...
 As of now there are so many proposed fields in the audit event log ,
 if I wanted to one proposed field which is of not use as much ,which
 one can I chose for ? 
 --
 Linux-audit mailing list
 Linux-audit(a)redhat.com
 https://www.redhat.com/mailman/listinfo/linux-audit 

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: Audit log Fields