Hi Steve,
+ * 1500 - 1599 kernel LSPP events
+ * 1600 - 1699 kernel crypto events
+ * 1700 - 1999 future kernel use (maybe integrity labels and related events)
+ * 2000 is for otherwise unclassified kernel audit messages (legacy)
+ * 2001 - 2099 unused (kernel)
+ * 2100 - 2199 user space anomaly records
+ * 2200 - 2299 user space actions taken in response to anomalies
+ * 2300 - 2399 user space generated LSPP events
+ * 2400 - 2499 user space crypto events
+ * 2500 - 2999 future user space (maybe integrity labels and related events)
Can you describe what types of messages you'd expect to be in each
range? I'm unclear on what's an LSPP event and when a trusted program
would be expected to use the LSPP range vs. the 1100-1199 "user space
trusted application messages", especially if the trusted program is
part of the CAPP ST, the LSPP ST and also generally interesting.
I'm also not unclear on what the anomoly related records would be.
Thanks,
-- ljk