Format of audit logs
Matthew Booth
mbooth at redhat.com
Sun May 13 18:17:54 UTC 2007
On Sun, 2007-05-13 at 12:47 -0400, Steve Grubb wrote:
> On Tuesday 08 May 2007 14:02:06 Matthew Booth wrote:
> > Can anybody point me to a document which describes the format of logs
> > generated by auditd in RHEL 4?
>
> I have not created such a document. I don't know if anyone else has either. I
> plan to start creating a bunch of documentation for the audit system this
> summer.
Ok. In the meantime, can you fill me in on exactly how a PATH record is
added to an event? For example, on execve(), why would I get a PATH
record for both the binary being executed and the ld library? The latter
didn't have a name, just an inode.
Matt
--
Matthew Booth, RHCA, RHCSS
Red Hat, Global Professional Services
M: +44 (0)7977 267231
GPG ID: D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490