comparing record ids in auparse
John Dennis
jdennis at redhat.com
Wed Sep 5 16:11:46 UTC 2007

In the functions auparse_timestamp_compare() and events_are_equal() the
host field is not checked. Is that by design or omission? Should two
different events from two different hosts be comparable?

On a side note, the use of the term timestamp in symbol names like
auparse_timestamp_compare() seems misleading because the item in
question is not really a timestamp; rather, it's an event identifier which
contains some time information. Are we too far down the road to call
this object an 'event_id'?

--
John Dennis <jdennis at redhat.com>
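
The question in the post, illustrated as an added example (not part of the original message and not auparse code): records from two hosts are grouped into events once with the host ignored and once with it compared. The struct, the function names and the log lines are constructed for illustration; the lines assume records prefixed with node= as written when auditd is configured to name the node.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical event identifier (msg=audit(sec.milli:serial) plus node=); not the auparse type. */
struct event_id { long sec; unsigned milli; unsigned long serial; char host[64]; };
/* Constructed sample records: hostA and hostB both emit 1189008706.123:456. */
static const char *SAMPLE[] = {
    "node=hostA type=SYSCALL msg=audit(1189008706.123:456): arch=c000003e syscall=2",
    "node=hostA type=PATH msg=audit(1189008706.123:456): item=0 name=\"/etc/shadow\"",
    "node=hostB type=SYSCALL msg=audit(1189008706.123:456): arch=c000003e syscall=59",
    "node=hostA type=SYSCALL msg=audit(1189008706.130:457): arch=c000003e syscall=3",
};

/* Fill *id from one record line; returns 0 on success, -1 if malformed. */
static int parse_id(const char *line, struct event_id *id)
{
    const char *p = strstr(line, "msg=audit(");
    id->host[0] = '\0';                 /* records without node= get an empty host */
    if (strncmp(line, "node=", 5) == 0)
        sscanf(line + 5, "%63s", id->host);
    return (p && sscanf(p, "msg=audit(%ld.%u:%lu)", &id->sec, &id->milli, &id->serial) == 3) ? 0 : -1;
}

/* Equality on the identifier; check_host selects whether the host takes part. */
static int same_event(const struct event_id *a, const struct event_id *b, int check_host)
{
    return a->sec == b->sec && a->milli == b->milli && a->serial == b->serial
        && (!check_host || strcmp(a->host, b->host) == 0);
}

/* Number of distinct events the records group into (at most 16 tracked). */
static int count_events(const char **lines, int n, int check_host)
{
    struct event_id seen[16], id;
    int nseen = 0, i, j;
    for (i = 0; i < n; i++) {
        if (parse_id(lines[i], &id) != 0)
            continue;
        for (j = 0; j < nseen && !same_event(&seen[j], &id, check_host); j++) {}
        if (j == nseen && nseen < 16)
            seen[nseen++] = id;
    }
    return nseen;
}

int main(void)
{
    printf("host ignored: %d events, host checked: %d events\n",
           count_events(SAMPLE, 4, 0), count_events(SAMPLE, 4, 1));
    return 0;
}
```

With the host ignored, the hostB SYSCALL record is folded into hostA's event because both carry 1189008706.123:456; with the host compared, it stays a separate event.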