On Tue, 20 May 2014 18:18:14 +0300
Ismail Yenigul <ismailyenigul(a)gmail.com> wrote:
> I have a script to correlate (for user friendly report) auditd 2.2
> version logs. It works on RedHat.
> We have suse 11.4 server running audit 2.0.5 version.
> I could not see any major log format difference between the two versions.
> I see that there is a nametype=NORMAL field difference at the end of
> each line for version 2.2.

This is not related to auditd. This is a change in the kernel. Auditd
just distributes events to disk and other applications.

> Are there any other log format changes between the two versions?

There are likely differences in the kernels (and possibly user space
apps). I have no idea what they are.

-Steve