Audit Parsing Library Requirements

Michael C Thompson mcthomps at us.ibm.com
Thu Mar 9 21:16:33 UTC 2006


Steve Grubb <sgrubb at redhat.com> wrote on 03/09/2006 01:21:12 PM:

> On Thursday 09 March 2006 14:13, Michael C Thompson wrote:
> > My understanding of ausearch is to set up our search parameters and
> > then call ausearch_next_event to begin returning records which match the
> > parameters we've set.
> 
> Yes.
> 
> > If this is the case, from a testing standpoint, it would be nice to be able
> > to set up the parameters on every value of the record as we expect it to
> > look.
> 
> Please give an example to make sure I understand you.

Example:
chmod("myfile", 0777)

I would like to be able to specify to ausearch_set_param("a1", 0777). I 
did not see in my version of ausearch that it was possible to specify an 
argument field for a field/value pair. Again, on top of this, 
ausearch_set_param("a2",0) would be a good thing to add to ensure, as you 
expressed in last Monday's open LSPP call, that you would like regression 
tests run to ensure there was no uncleared context lying around.

Does this help?

Mike

> 
> -Steve
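
The kind of check requested above (match on `a1`, and additionally require `a2` to be 0), sketched as an added example that is not part of the original message and is not the audit parsing library's API. The function names are hypothetical and the sample records are constructed; the sketch assumes the usual key=value record layout, in which syscall arguments are logged in hex, so a mode of octal 0777 appears as `a1=1ff`.

```python
import re

# Constructed sample records (not from the original message), in the
# key=value layout of Linux audit SYSCALL records; a0-a3 are logged in hex.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1141938993.101:41): arch=40000003 syscall=15 success=yes exit=0 a0=804a008 a1=1ff a2=0 a3=0 items=1 pid=2001 comm="chmod"
type=SYSCALL msg=audit(1141938993.205:42): arch=40000003 syscall=15 success=yes exit=0 a0=804a008 a1=1a4 a2=0 a3=0 items=1 pid=2002 comm="chmod"
type=SYSCALL msg=audit(1141938993.310:43): arch=40000003 syscall=15 success=yes exit=0 a0=804a008 a1=1ff a2=bfe4c2d0 a3=0 items=1 pid=2003 comm="chmod"
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
ARG_FIELDS = {"a0", "a1", "a2", "a3"}  # compared numerically, not as text


def parse_record(line):
    """Split one record into a dict of field name -> raw string value."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def record_matches(record, expected):
    """True if every expected field is present and equal.

    Syscall arguments are compared as integers parsed from the hex log
    value, so the caller can pass the mode the test used (e.g. 0o777).
    """
    for name, want in expected.items():
        got = record.get(name)
        if got is None:
            return False
        if name in ARG_FIELDS:
            if int(got, 16) != want:
                return False
        elif got != str(want):
            return False
    return True


def search(log_text, expected):
    """Return the event serial numbers of records matching all fields."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if "msg" in rec and record_matches(rec, expected):
            serial = rec["msg"].split(":")[1].rstrip(")")
            hits.append(int(serial))
    return hits
```

With the constructed log, requiring only `a1` selects events 41 and 43, while also requiring `a2` to be 0 rejects event 43, whose `a2` holds a nonzero value.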