<div dir="ltr">Thank you.</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Apr 8, 2014 at 4:41 PM, Steve Grubb <span dir="ltr"><<a href="mailto:sgrubb@redhat.com" target="_blank">sgrubb@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">On Tuesday, April 08, 2014 10:53:40 AM Satish Chandra Kilaru wrote:<br>
> Hi<br>
><br>
> I want to understand the logs in /var/log/audit/audit.log. Where can I get<br>
> complete list of audit event types<br>
<br>
</div>ausearch -m help 2>&1 | tr ' ' '\n' | egrep '^[A-Z]' | egrep -v 'ALL|Valid' | sort<br>
<br>
> and what they mean?<br>
<br>
Each event type has some comment in the header files /usr/include/libaudit.h<br>
and /usr/include/linux/audit.h. There is also some documentation here:<br>
<br>
<a href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sec-Understanding_Audit_Log_Files.html" target="_blank">https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sec-Understanding_Audit_Log_Files.html</a><br>

<br>
And I want to think some other distros have docs as well.<br>
<span class="HOEnZb"><font color="#888888"><br>
-Steve<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br>Please Donate to <a href="http://www.wikipedia.org">www.wikipedia.org</a>
</div>