Reserved fields in audit log structure - Linux-audit - Linux-Audit List Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Reserved fields in audit log structure

Audit log Fields

[PATCH] audit: Fix typo in comment

Sowndarya K

Thursday, 11 February 2016 Thu, 11 Feb '16

12:12 a.m.

What are the reserved fields in audit log structure?

Attachments:

attachment.html (text/html — 77 bytes)

Reply

Show replies by date

Burn Alting

Thursday, 11 February Thu, 11 Feb

5:55 a.m.

Hi, Are asking about the existing known field names found in the following https://people.redhat.com/sgrubb/audit/audit-events.txt or something else? On Thu, 2016-02-11 at 11:42 +0530, Sowndarya K wrote:

What are the reserved fields in audit log structure? -- Linux-audit mailing list Linux-audit(a)redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Reply

Steve Grubb

Friday, 12 February Fri, 12 Feb

12:54 p.m.

On Thursday, February 11, 2016 11:42:27 AM Sowndarya K wrote:

What are the reserved fields in audit log structure?

There are known fields that kind of mean reserved because we expect them to be a certain way. Its documented here: http://people.redhat.com/sgrubb/audit/audit-events.txt and a test suite to verify events are searchable here: http://people.redhat.com/sgrubb/audit/ausearch-test-0.5.tar.gz And we need to continue work on the validation suite so that it can be used to check events completely. -Steve

Reply

3235

days inactive

3236

days old

linux-audit@lists.linux-audit.osci.io

Manage subscription

2 comments

3 participants

tags (0)

participants (3)

Burn Alting
Sowndarya K
Steve Grubb