[Crash-utility] feature to dump audit logs in vmcore
Hatayama, Daisuke
d.hatayama at jp.fujitsu.com
Mon Mar 13 08:35:19 UTC 2017
Dave,
> > > Anyway, I definitely don't see it as a top-level built-in command. Perhaps
> you could
> > > argue for an option to an existing command -- "ps", "log" or "sys" maybe?
> > >
> >
> > Yes, I never definitely need the name "dumpaudit.
> >
> > I think log command is best suited in meaning for audit logs.
> >
> > By the way. I don't understand why you listed ps command first.
> > I don't find any similarity to ps command with audit.
>
> It was just an off-the-top-of-my-head suggestion, where I thought of it because
> auditing is often
> concerned with process-related events. But given there are other kinds of
> things that get audited,
> I agree that "log" is more suitable.
>
I've written the first version of the patch adding a feature to dump kernel
audit logs as log -a.
Could you review this patch?
I made this patch on top of today's latest commit on github crash utility
repository:
https://github.com/crash-utility/crash/commit/ed60e97e319a1cfc9e2779aa1baac305677393d8
Thanks.
HATAYAMA, Daisuke
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-a-feature-to-dump-audit-logs-in-log-command-as-a.patch
Type: application/octet-stream
Size: 11193 bytes
Desc: 0001-Add-a-feature-to-dump-audit-logs-in-log-command-as-a.patch
URL: <http://listman.redhat.com/archives/crash-utility/attachments/20170313/d9c1f3e2/attachment.obj>
More information about the Crash-utility
mailing list