Dispatcher - single line output (perl)
Steve Grubb
sgrubb at redhat.com
Thu May 25 12:30:02 UTC 2006

On Wednesday 24 May 2006 20:22, Leigh Purdie wrote:
> So, to rephrase my question slightly - is there a programmatic way to
> turn syscall=5 into syscall=execve that anyone can suggest?

OK, then libaudit has that function, audit_syscall_to_name(). There are
several factors that have to be considered to correctly interpret a syscall
name.

> WRT perl, I'm language agnostic. If there's better support for audit
> in python, I'll switch the code over.

Yes, there is better support for python right now. We've also written a
dispatcher used for real-time SE Linux event analysis using python. It grabs
the events as a dictionary and passes them on for analysis. I should be
releasing audit-1.2.3 today which improves python support a little bit more.

-Steve
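
Added example, not part of the original message and not libaudit or audit-python code: a sketch of one factor in interpreting a syscall number, namely that the same number means different calls on different ABIs, so the record's arch field has to be read first. The lookup tables are a small constructed subset of the i386 and x86_64 syscall tables, the sample records are constructed, and the function names are hypothetical; a real dispatcher would ask libaudit for the full mapping.

```python
import re

# Constructed subset: audit arch values and a few syscall numbers per ABI.
# Assumption: a real tool gets the complete table from libaudit instead.
AUDIT_ARCH = {0x40000003: "i386", 0xC000003E: "x86_64"}
SYSCALLS = {
    "i386": {1: "exit", 5: "open", 11: "execve"},
    "x86_64": {5: "fstat", 11: "munmap", 59: "execve"},
}
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample records (single-line SYSCALL events).
SAMPLE = [
    'type=SYSCALL msg=audit(1148560202.100:41): arch=40000003 syscall=11 '
    'success=yes exit=0 pid=2101 comm="ls" exe="/bin/ls"',
    'type=SYSCALL msg=audit(1148560202.200:42): arch=c000003e syscall=11 '
    'success=yes exit=0 pid=2102 comm="cat" exe="/bin/cat"',
    'type=SYSCALL msg=audit(1148560202.300:43): arch=c000003e syscall=59 '
    'success=yes exit=0 pid=2103 comm="id" exe="/usr/bin/id"',
    'type=SYSCALL msg=audit(1148560202.400:44): arch=deadbeef syscall=11 '
    'success=yes exit=0 pid=2104 comm="x" exe="/tmp/x"',
]

def parse_record(line):
    """Return the key=value fields of one audit record as a dictionary."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def syscall_name(fields):
    """Resolve the syscall number using the record's own arch field."""
    try:
        abi = AUDIT_ARCH[int(fields["arch"], 16)]
        return SYSCALLS[abi][int(fields["syscall"])]
    except (KeyError, ValueError):
        return None  # unknown ABI or number: caller keeps the raw value

def annotate(line):
    """Rewrite syscall=<number> as syscall=<name>; leave unknowns untouched."""
    name = syscall_name(parse_record(line))
    if name is None:
        return line
    return re.sub(r"\bsyscall=\d+", "syscall=" + name, line, count=1)

if __name__ == "__main__":
    for record in SAMPLE:
        print(annotate(record))
```

Leaving unresolved numbers as they are keeps the output faithful when an event arrives from an ABI the table does not cover, instead of labelling it with the wrong name.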