[PATCH 1/2] Audit: break up execve arguments into multiple records
Eric Paris
eparis at redhat.com
Wed Oct 3 17:44:34 UTC 2007
On Wed, 2007-10-03 at 13:13 -0400, Steve Grubb wrote:
> On Tuesday 02 October 2007 17:25:34 Eric Paris wrote:
> > Break the auditing of execve arguments into smaller records if there are
> > a lot.
>
> Do you have an example of what the event would look like with this patch
> applied?
>
> Thanks,
> -Steve
attached is a log with about 1200 arguments. My first attachment was of
a single execve with about 800k worth of arguments! But it was rather
large and list wouldn't have liked it. Hopefully this attachment is
still big enough to amaze and small enough to download *smile*
-Eric
-------------- next part --------------
A non-text attachment was scrubbed...
Name: audit.log
Type: text/x-log
Size: 24549 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20071003/4cdb0a2a/attachment.bin>
More information about the Linux-audit
mailing list