Auditd 1.0.15 in RHEL4 U4

Steve Grubb sgrubb at redhat.com
Wed Feb 14 15:55:09 UTC 2007


On Wednesday 14 February 2007 09:45:10 Matthew Booth wrote:
> On Mon, 2007-02-12 at 21:29 -0500, Steve Grubb wrote:
> > > Also, I had a quick flick through the dispatcher example. I note that
> > > it's shipping binary logs.
> >
> > Hmm. I don't recall any binary logs in examples...are you sure?
>
> I was going by this document:
> http://people.redhat.com/sgrubb/audit/audit-rt-events.txt
>
> Is that not the interface you will be presenting?

That is the interface I am presenting. There are a couple binary elements that 
are part of the header, but the event data itself follows the header and is 
just one big string exactly as it came from the kernel. That could 
change if the protocol version number changes from 0. But it should remain 
constant across a shipping product's lifetime.

-Steve
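
A defensive reader for the framing described in this message (a small binary header followed by the event text), as an added example that is not part of the original post or the audit project's code. It assumes the header is four host-order 32-bit fields (version, header length, record type, payload size), as in `struct audit_dispatcher_header` from libaudit.h; `parse_frame`, `demo`, `MAX_PAYLOAD` and the sample record are names and values constructed here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROTO_VER   0u     /* protocol version named in the message above */
#define MAX_PAYLOAD 16384u /* assumption: sanity cap chosen for this example */

/* Assumed header layout: four host-order 32-bit fields. */
struct hdr { uint32_t ver, hlen, type, size; };
struct event { uint32_t type; const char *text; size_t text_len; };

/* Returns bytes consumed, 0 if more input is needed, -1 if the frame is malformed. */
long parse_frame(const uint8_t *buf, size_t len, struct event *ev)
{
    struct hdr h;
    if (len < sizeof h) return 0;
    memcpy(&h, buf, sizeof h);                 /* avoid unaligned access */
    if (h.ver != PROTO_VER) return -1;         /* layout may differ in other versions */
    if (h.hlen != sizeof h) return -1;         /* unexpected header length */
    if (h.size > MAX_PAYLOAD) return -1;       /* never trust a length field blindly */
    if (len - sizeof h < h.size) return 0;     /* payload not fully read yet */
    ev->type = h.type;
    ev->text = (const char *)buf + sizeof h;
    /* The payload is text; stop at a NUL if present, never read past size. */
    const char *nul = memchr(ev->text, '\0', h.size);
    ev->text_len = nul ? (size_t)(nul - ev->text) : h.size;
    return (long)(sizeof h + h.size);
}

/* Constructed sample record, not captured from a real system. */
static const char SAMPLE[] = "audit(1171468509.000:42): constructed sample record";
struct event last_ev;

/* Hypothetical helper: frame SAMPLE with the given header values, parse `avail` bytes. */
long demo(uint32_t ver, uint32_t claimed_size, size_t avail)
{
    static uint8_t buf[sizeof(struct hdr) + sizeof SAMPLE];
    struct hdr h = { ver, sizeof h, 1300, claimed_size }; /* 1300: syscall record type */
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h, SAMPLE, sizeof SAMPLE);
    if (avail > sizeof buf) avail = sizeof buf;
    return parse_frame(buf, avail, &last_ev);
}

int main(void)
{
    long n = demo(PROTO_VER, sizeof SAMPLE, sizeof(struct hdr) + sizeof SAMPLE);
    if (n > 0) printf("type=%u text=%.*s\n", (unsigned)last_ev.type, (int)last_ev.text_len, last_ev.text);
    return n > 0 ? 0 : 1;
}
```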




More information about the Linux-audit mailing list