Using syslog it seems straight forward to insert a new message ,  ‘syslog (LOG_NOTICE, “Hello This is just a notice”)’ for instance.

 

Does this capability exist already in linux audit and I’m just not seeing it???

 

Is it a bad idea to build and then to insert a custom audit/message, or any standard audit, into the audit.log file?

 

If so are there any problems to look out for , e.g event id/sequence number collisions, auparse or ausearch problems, formatting issues to adhere to???

 

Thanks

 

 


This e-mail and any files transmitted with it may be proprietary and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify the sender.
Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of ITT Corporation. The recipient should check this e-mail and any attachments for the presence of viruses. ITT accepts no liability for any damage caused by any virus transmitted by this e-mail.