Re: auditd 2.0.5 and 2.2 log format changes
Thanks for prompt reply.
The kernel versions are very close.
Redhat: 2.6.32-431.11.2.el6.x86_64
Suse: 2.6.37.1-1.2-desktop
Is there any change in audit.rules format?
Have a nice days.
2014-05-20 18:31 GMT+03:00 Steve Grubb <sgrubb(a)redhat.com>:
On Tue, 20 May 2014 18:18:14 +0300
Ismail Yenigul <ismailyenigul(a)gmail.com> wrote:
> I have a scipt to correlate(for user friendly report) auditd 2.2
> version logs. It works on RedHat.
> We have suse 11.4 server running audit 2.0.5 version .
>
> I could not see any major log format difference between two version.
> I see that there is nametype=NORMAL field difference at the end of
> each line for version 2.2.
This is not related to auditd. This is a change in the kernel. Auditd
just distributes events to disk and other applications.
> Is there any other log format changes between two versions?
There are likely differences in the kernels (and possibly user space
apps). I have no idea what they are.
-Steve
Attachments:
- attachment.html (text/html — 1.6 KB)