Syscalls

[Steve Grubb]

On Wednesday 28 February 2007 07:23:45 Johnston Mark (UK) wrote:
> ) We are trying to track changes to the system date and time. I've been
> using the example in capp.rules, but all we get is ntpd, not the usage
> of date, which we would like.

ntpdate & date uses the syscall settimeofday...so...

-a always,exit -S settimeofday

hwclock writes to /dev/rtc and that's why its patched.

-Steve