Identifying writes to NFS
Steve Grubb
sgrubb at redhat.com
Thu May 31 14:44:26 UTC 2007
On Thursday 31 May 2007 05:34, Matthew Booth wrote:
> > man statfs, look at f_type field there.
>
> Looking at this again, this field doesn't appear to be in the audit
> data. Am I missing it?
Correct and nope.
> It's not possible to invoke statfs to determine this information as the
> system receiving the data is remote.
Sounds like you wrote a relaying program, it would need to do the statfs
against the path in the record and add that data before sending it.
-Steve
More information about the Linux-audit
mailing list