Fields availability for each record type

Klaus Heinrich Kiwi klausk at br.ibm.com
Mon Oct 29 21:14:58 UTC 2007


People,

 I know this may be a FAQ, but I need to map Linux audit
events/records/fields into a CSV with predefined column meanings,
possibly one event per line, i.e.: userid; source; subject; action;
object;

I was thinking of using the python auparse library to do such a thing.
The problem is, how can I know what fields each record type will have, and
what records can I expect from a certain event (I know there is no such
thing as an event type, but it would be good to know what other records are
available when, for example, a LOGIN or USYS_CONFIG record comes in).

Maybe I can accomplish the same thing with ausearch/aureport?

Thanks for any thoughts,

 Klaus
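
The mapping asked about above, sketched as an added example that is not part of the original post and does not use auparse: it groups raw records into events by the `audit(timestamp:serial)` stamp, reports which fields were observed per record type, and writes one CSV row per event. The sample records are constructed and simplified, and the function names and the column choice are assumptions made for illustration.

```python
import csv, io, re
from collections import OrderedDict, defaultdict

# Constructed, simplified sample records (not taken from a real system).
SAMPLE = """\
type=SYSCALL msg=audit(1193692498.101:42): arch=40000003 syscall=5 success=yes uid=500 auid=500 comm="cat" exe="/bin/cat"
type=CWD msg=audit(1193692498.101:42): cwd="/home/klaus"
type=PATH msg=audit(1193692498.101:42): item=0 name="/etc/passwd" inode=1234
type=USER_LOGIN msg=audit(1193692499.200:43): pid=2211 uid=0 auid=500 exe="/usr/sbin/sshd" res=success
"""

HEADER = re.compile(r"type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(text):
    """Group records into events keyed by (timestamp, serial)."""
    events = OrderedDict()
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip anything that is not an audit record
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        events.setdefault((ts, serial), []).append((rtype, fields))
    return events

def fields_by_type(events):
    """Field names actually observed for each record type."""
    seen = defaultdict(set)
    for records in events.values():
        for rtype, fields in records:
            seen[rtype].update(fields)
    return {t: sorted(f) for t, f in seen.items()}

def to_csv(events, columns=("auid", "exe", "name", "res")):
    """One row per event; the first record carrying a field wins."""
    out = io.StringIO()
    w = csv.writer(out, delimiter=";", lineterminator="\n")
    w.writerow(("serial", "types") + tuple(columns))
    for (_ts, serial), records in events.items():
        merged = {}
        for _, fields in records:
            for k, v in fields.items():
                merged.setdefault(k, v)
        types = "+".join(r for r, _ in records)
        w.writerow([serial, types] + [merged.get(c, "") for c in columns])
    return out.getvalue()
```

Running `fields_by_type` over a representative log gives an empirical answer to which fields each record type carries on a given system, and the `types` column shows which records arrived together in one event.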



