OBJ_PID records
Alexander Viro
aviro at redhat.com
Fri Sep 28 03:21:57 UTC 2007
On Thu, Sep 27, 2007 at 02:49:09PM -0400, Steve Grubb wrote:
> On Thursday 27 September 2007 14:40:45 Eric Paris wrote:
> > Interestingly on this machine the opid has ALWAYS been 1956 with
> > obj=syslogd_t. ??I don't however think there is anything special about
> > syslog though as that wasn't the obj in the messages sgrubb was getting,
> > although i do wonder if it was the same opid every time.....
>
> Seems like it. I have one example where I have 86 records in a row with the
> same opid.
>
> -Steve
>
> ----
> type=OBJ_PID msg=audit(09/20/2007 15:29:16.355:12775) : opid=2287
> obj=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023
Er... And what has pid 2287 on that box?
More information about the Linux-audit
mailing list