Hi I wrote a very simple program to retrieve netlink sockets (audit messages), But it stuck at recvfrom, am I missing something? #include <stdio.h> #include <unistd.h> #include <assert.h> #include <string.h> #include <stdlib.h> #include <math.h> #include <sys/socket.h> #include <linux/netlink.h> #define ERR_QUIT(a) do { perror(a); exit (1); } while (0); #ifndef PF_NETLINK # define PF_NETLINK 16 #endif char message [10000]; int main (int argc , char **argv) { int fd, len; struct sockaddr_nl nladdr; socklen_t nladdrlen = sizeof(nladdr); fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_AUDIT); if (fd < 0) ERR_QUIT("socket"); len = recvfrom(fd, &message, sizeof(message), 0, (struct sockaddr*)&nladdr, &nladdrlen); if (len < 0) ERR_QUIT("recvfrom"); printf ("Received %d bytes\n", len); return 0; } -- Best Regards, Aaron Lewis - PGP: 0xDFE6C29E ( http://keyserver.veridis.com ) Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E -- Linux-audit mailing list Linux-audit(a)redhat.com https://www.redhat.com/mailman/listinfo/linux-audit