Hi all,
I’m trying to build a generic audit client that works across a wide range of Linux
distributions from very old ones (e.g., CentOS 5.x) to relatively recent distributions
(e.g., Ubuntu 13.x or 14.x).
In the course of developing it, I found out that the audit message format differs from
distribution to distribution. For instance, earlier kernel versions do not emit EOE messages to
signify the end of system call logging.
Could anyone give me a pointer so that I can track the message format history? If you don’t have
a single location or document for it, a piece of advice on how I can track it myself in an
efficient way would also be very helpful.
Thanks a lot for your help in advance!
Regards, Kangkook
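The format difference the post points at (newer kernels terminate a syscall event with a `type=EOE` record, older ones do not) is the thing a generic client has to absorb at the event-assembly layer. The following is an added example, not code from the poster or from the audit project: it parses the common `type=... msg=audit(TIMESTAMP:SERIAL):` prefix that every record carries, groups records into events by that (timestamp, serial) pair, and closes an event either on EOE or, when the caller says the kernel never sends EOE, when a record for a different event id shows up. The log lines are constructed for the example and only approximate real auditd output; the `expect_eoe` flag is the example's own knob, not an audit API.

```python
import re
from collections import OrderedDict

# Every audit record starts with "type=XXX msg=audit(SECONDS.MILLIS:SERIAL): ...";
# the (timestamp, serial) pair identifies the event the record belongs to.
RECORD_RE = re.compile(
    r'^type=(?P<type>\S+)\s+msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$'
)
# key=value pairs in the record body; values may be double-quoted.
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Constructed sample: a newer kernel that terminates the event with EOE.
NEW_KERNEL_LOG = """\
type=SYSCALL msg=audit(1400000000.123:100): arch=c000003e syscall=2 success=yes exit=3 pid=1234 auid=1000 uid=0 comm="cat" exe="/bin/cat" key="watch_passwd"
type=CWD msg=audit(1400000000.123:100):  cwd="/root"
type=PATH msg=audit(1400000000.123:100): item=0 name="/etc/passwd" inode=131 dev=fd:00 mode=0100644 ouid=0 ogid=0
type=EOE msg=audit(1400000000.123:100):
"""

# Constructed sample: an older kernel with no EOE; the next event id is the only terminator.
OLD_KERNEL_LOG = """\
type=SYSCALL msg=audit(1300000000.456:7): arch=c000003e syscall=2 success=no exit=-13 pid=222 auid=1001 uid=1001 comm="vi" exe="/usr/bin/vi" key="watch_shadow"
type=CWD msg=audit(1300000000.456:7):  cwd="/home/alice"
type=PATH msg=audit(1300000000.456:7): item=0 name="/etc/shadow" inode=140 dev=fd:00 mode=0100000 ouid=0 ogid=0
type=SYSCALL msg=audit(1300000000.457:8): arch=c000003e syscall=59 success=yes exit=0 pid=223 auid=1001 uid=1001 comm="sh" exe="/bin/sh" key=(null)
type=EXECVE msg=audit(1300000000.457:8): argc=2 a0="sh" a1="-c"
"""


def parse_record(line):
    """Split one raw line into type, event id parts and the unparsed body; None if not an audit record."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    return {"type": m.group("type"), "ts": m.group("ts"),
            "serial": int(m.group("serial")), "body": m.group("body")}


def parse_fields(body):
    """Turn the key=value body into a dict, stripping the quotes around quoted values."""
    fields = {}
    for k, v in FIELD_RE.findall(body):
        if v.startswith('"') and v.endswith('"'):
            v = v[1:-1]
        fields[k] = v
    return fields


def assemble_events(lines, expect_eoe=True):
    """Yield (event_id, [records]) groups from a stream of raw audit lines.

    With expect_eoe=True an event is complete when its EOE record arrives.
    With expect_eoe=False (kernels that never send EOE) an event is complete
    as soon as a record with a different event id appears.  In both modes
    anything still open at end of input is flushed rather than dropped.
    """
    open_events = OrderedDict()  # event id -> records seen so far, in arrival order
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue  # blank or foreign line: skip it instead of aborting the stream
        key = (rec["ts"], rec["serial"])
        if rec["type"] == "EOE":
            recs = open_events.pop(key, None)
            if recs:
                yield key, recs
            continue
        if key not in open_events:
            if not expect_eoe:
                # No terminator will ever come, so a new id means earlier events are done.
                while open_events:
                    yield open_events.popitem(last=False)
            open_events[key] = []
        open_events[key].append(rec)
    while open_events:
        yield open_events.popitem(last=False)


def summarize(recs):
    """Pull the fields an audit client usually reports out of one assembled event."""
    out = {"syscall": None, "exe": None, "key": None, "paths": []}
    for rec in recs:
        f = parse_fields(rec["body"])
        if rec["type"] == "SYSCALL":
            out["syscall"] = f.get("syscall")
            out["exe"] = f.get("exe")
            out["key"] = f.get("key")
        elif rec["type"] == "PATH" and "name" in f:
            out["paths"].append(f["name"])
    return out


if __name__ == "__main__":
    for mode, log in (("EOE", NEW_KERNEL_LOG), ("no EOE", OLD_KERNEL_LOG)):
        for key, recs in assemble_events(log.splitlines(), expect_eoe=(mode == "EOE")):
            print(mode, key, summarize(recs))
```

Running the old-kernel sample in EOE mode still yields both events, because nothing is discarded at end of input; the difference is only latency, since without the new-id rule an event on such a kernel would not be emitted until the input ends. A real client would set the flag from the kernel version it detects, or flip it once it observes its first EOE record.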