I took a look at some anomaly events and I'm thinking to correlate them
to guests based on the SELinux context or maybe based on the pid field.
Do you think there are other ways to correlate them?
Regards,
Marcelo
On 01/11/2012 07:20 PM, Steve Grubb wrote:
On Thursday, January 05, 2012 11:44:57 AM Marcelo Cerri wrote:
> But I'm not sure what "anomaly events" means. Would it be malformed
> records (without some fields, for example) or a specific record type
> generated by the kernel or some other userspace application?
No, these are events in the range of AUDIT_FIRST_ANOM_MSG and
AUDIT_LAST_ANOM_MSG and some from the kernel in the range of
AUDIT_FIRST_KERN_ANOM_MSG and AUDIT_LAST_KERN_ANOM_MSG.
-Steve
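To make the two points of this exchange concrete, here is an added example (mine, not code from the thread, from Marcelo, or from audit-userspace). It classifies parsed audit records as anomaly events by numeric type range, using the range constants from the kernel's linux/audit.h (AUDIT_FIRST_KERN_ANOM_MSG/AUDIT_LAST_KERN_ANOM_MSG, 1700-1799) and from libaudit.h (AUDIT_FIRST_ANOM_MSG/AUDIT_LAST_ANOM_MSG, 2100-2199), and then pulls out the fields Marcelo proposes as correlation keys: pid and the SELinux context (for sVirt guests, the svirt_t type plus the per-guest MCS level). The symbolic-name-to-number table is a hand-picked subset, and the sample records are constructed for the demo and only approximate real field layouts; both are assumptions, not something the thread states.

```python
"""Flag anomaly audit events by type-number range and extract keys that
could tie each one back to a guest.  Added example; not from the thread or
from audit-userspace."""
import re

# Range constants: kernel anomalies from linux/audit.h, user-space anomalies
# from libaudit.h.
AUDIT_FIRST_KERN_ANOM_MSG, AUDIT_LAST_KERN_ANOM_MSG = 1700, 1799
AUDIT_FIRST_ANOM_MSG, AUDIT_LAST_ANOM_MSG = 2100, 2199

# ausearch prints symbolic type names; this is a hand-picked subset of the
# name -> number table (assumption: enough for the demo, not the full list).
TYPE_NUMBERS = {
    "SYSCALL": 1300,
    "AVC": 1400,
    "ANOM_PROMISCUOUS": 1700,
    "ANOM_ABEND": 1701,
    "ANOM_LINK": 1702,
    "ANOM_LOGIN_FAILURES": 2100,
    "ANOM_LOGIN_TIME": 2101,
    "VIRT_CONTROL": 2500,
}

# Constructed sample records (field layout approximated, not captured output).
SAMPLE_LOG = """\
type=ANOM_ABEND msg=audit(1326294039.123:456): auid=4294967295 uid=107 gid=107 ses=4294967295 subj=system_u:system_r:svirt_t:s0:c123,c456 pid=4321 comm="qemu-kvm" reason="memory violation" sig=11
type=SYSCALL msg=audit(1326294040.001:457): arch=c000003e syscall=59 success=yes exit=0 pid=1200 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 comm="libvirtd"
type=ANOM_PROMISCUOUS msg=audit(1326294041.500:458): dev=vnet0 prom=256 old_prom=0 auid=4294967295 uid=107 gid=107 ses=4294967295
type=ANOM_LOGIN_FAILURES msg=audit(1326294042.000:459): pid=2000 uid=0 auid=500 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='pam_tally2 uid=500 exe="/usr/sbin/sshd" hostname=? addr=? terminal=ssh res=failed'
"""

HEADER_RE = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$")
FIELD_RE = re.compile(r"""(\w+)=("[^"]*"|'[^']*'|\S+)""")


def parse_record(line):
    """Split one audit line into type, timestamp, serial and key=value fields."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    rtype, ts, serial, body = m.groups()
    fields = {k: v.strip("\"'") for k, v in FIELD_RE.findall(body)}
    return {"type": rtype, "time": float(ts), "serial": int(serial), "fields": fields}


def type_number(rtype):
    """Map a symbolic type to its number; ausearch prints UNKNOWN[n] for
    types it has no name for, so accept that spelling too."""
    m = re.fullmatch(r"UNKNOWN\[(\d+)\]", rtype)
    if m:
        return int(m.group(1))
    return TYPE_NUMBERS.get(rtype)


def anomaly_kind(rtype):
    """'kernel', 'userspace', or None if the type is not an anomaly event."""
    num = type_number(rtype)
    if num is None:
        return None
    if AUDIT_FIRST_KERN_ANOM_MSG <= num <= AUDIT_LAST_KERN_ANOM_MSG:
        return "kernel"
    if AUDIT_FIRST_ANOM_MSG <= num <= AUDIT_LAST_ANOM_MSG:
        return "userspace"
    return None


def guest_keys(fields):
    """Candidate keys for tying a record to a guest: pid, SELinux type and
    MCS level from subj=, and the device name when the record has no
    process context at all (as ANOM_PROMISCUOUS does)."""
    keys = {"pid": int(fields["pid"]) if "pid" in fields else None,
            "selinux_type": None, "mcs": None, "dev": fields.get("dev")}
    subj = fields.get("subj")
    if subj:
        parts = subj.split(":", 3)  # user:role:type:level; level may contain ':'
        if len(parts) == 4:
            keys["selinux_type"], keys["mcs"] = parts[2], parts[3]
    return keys


def find_anomalies(log_text):
    """Return one summary dict per anomaly record in the log text."""
    out = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or anomaly_kind(rec["type"]) is None:
            continue
        entry = {"type": rec["type"], "kind": anomaly_kind(rec["type"]),
                 "serial": rec["serial"]}
        entry.update(guest_keys(rec["fields"]))
        out.append(entry)
    return out


if __name__ == "__main__":
    for e in find_anomalies(SAMPLE_LOG):
        print(e)
```

Running it on the constructed log shows the caveat behind Marcelo's question: ANOM_ABEND carries both pid and an svirt_t context with a per-guest MCS level, so either key works, while ANOM_PROMISCUOUS carries neither and only the interface name is left to correlate on.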