In the same way, in the kernel side
Can I able to add one new field to the audit log structure without breaking Compatibility?If so,
1.How can I add new field without breaking compatibility? 
or
2. Is there any reserve field in audit log structure so that I can make use of it?

 

On Wed, Apr 6, 2016 at 5:47 PM, Steve Grubb <sgrubb@redhat.com> wrote:
On Wednesday, April 06, 2016 05:25:36 PM Deepika Sundar wrote:
> Ok.If i wanted to add the new field to experiment on the requirement, which
> are the files(programs) that need changes or  to be updated to take effect
> on new field in auditd.conf?

auditd-config.c


> On Wed, Apr 6, 2016 at 5:20 PM, Steve Grubb <sgrubb@redhat.com> wrote:
> > On Wednesday, April 06, 2016 05:06:08 PM Deepika Sundar wrote:
> > > Can it be possible to add new field to auditd.conf file?
> >
> > That depends entirely on what functionality is being added and if its
> > acceptable to people in general.
> >
> > -Steve