Hm,
Could it be to minimize risk of filling up the buffer and to also produce a
separation of records? This way userspace auditd can stitch
together a log record per name, based on the serial numbers? A
one-to-many relationship so-to-speak. This way you get one record
containing all the common information and X records containing all the
unique information instead of one super huge record that's immensely
difficult to parse or X records with a bunch of redundant information
in them.
-Tim
On Wed, 5 Jan 2005 08:27:55 -0500, Steve Grubb <sgrubb(a)redhat.com> wrote:
Hi,
I was wondering why the code in audit_log_exit
http://lxr.linux.no/source/kernel/auditsc.c?v=2.6.8.1#L582
loops spitting out packets? Why isn't the audit information sent as 1 packet?
Just curious...
-Steve Grubb
--
Linux-audit mailing list
Linux-audit(a)redhat.com
http://www.redhat.com/mailman/listinfo/linux-audit
--
- Timothy R. Chavez