Re: saddr value in connect()

Sorry for the long delay in getting back. On May 6, 2014, at 10:55 AM, Steve Grubb <sgrubb(a)redhat.com&gt; wrote: (1) I hadn’t run across the code repository until after you had mentioned it (I’ve only been actively looking at Linux auditing for a few weeks), and (2) I am still very much in the learning phase, trying to figure out what is in the data, what type of configuration I would like, etc. I will take a look at auparse soon. I am particularly interested in performance. My first parsing effort is *way* too slow. I use C++ regex a lot, and that seems to be a problem. If anyone is interested is seeing Linux audit data (along with BSM) on a Mac, I posted a blog entry along with a little video: Analyzing Linux Audit Data http://www.toddheberlein.com/blog/2014/5/13/analyzing-linux-audit-data Can I ask what type of changes and what is motivating the changes? Thanks, Todd