Linux-audit Digest, Vol 40, Issue 9

Steve Grubb sgrubb at redhat.com
Wed Jan 16 13:59:45 UTC 2008


On Wednesday 16 January 2008 01:59:34 kunal chandarana wrote:
> Is there a way to map this audit type to the fields.

I don't have a map of each type. They can all be found by code inspection. For 
the kernel, I'd recommend using LXR.

http://lxr.linux.no/linux/include/linux/audit.h

Look at the explanation about ranges. Look for kernel record types and click on 
the define to see where they are used. From that you can click to the code 
that uses it.

Alternatively, you could run one of the audit test suites and then maybe see 
what each audit record looks like.

-Steve
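
An added example, not part of the original message or the audit project's code: one way to carry out the second suggestion above is to tally which field names appear under each record type in captured audit records. The sample records are constructed, the function names are hypothetical, and the resulting map covers only the record types and fields the workload actually exercised.

```python
import re
from collections import defaultdict

# Constructed sample records (not captured from a real system).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1200491985.101:42): arch=c000003e syscall=2 success=yes exit=3 pid=2101 auid=500 uid=0 comm="cat" exe="/bin/cat" key="passwd-read"
type=CWD msg=audit(1200491985.101:42): cwd="/root"
type=PATH msg=audit(1200491985.101:42): item=0 name="/etc/passwd" inode=1234 dev=08:01 mode=0100644 ouid=0 ogid=0
type=USER_AUTH msg=audit(1200491990.220:43): pid=2150 uid=0 auid=4294967295 msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" addr=10.0.0.5 terminal=ssh res=failed'
type=SYSCALL msg=audit(1200491995.300:44): arch=c000003e syscall=59 success=yes exit=0 pid=2160 auid=500 uid=500 comm="ls" exe="/bin/ls"
not an audit record
"""

# Record header: type, then msg=audit(<epoch>.<ms>:<serial>): followed by the body.
HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): ?(.*)$')
# A field is name=value; the value may be double-quoted, single-quoted, or bare.
FIELD = re.compile(r'''(\w+)=("[^"]*"|'[^']*'|\S+)''')

def field_names(body):
    """Yield field names in order, descending into a single-quoted msg='...' payload."""
    for name, value in FIELD.findall(body):
        if name == "msg" and value.startswith("'"):
            # User-space records wrap their own fields inside msg='...'.
            yield from field_names(value[1:-1])
        else:
            yield name

def map_types_to_fields(lines):
    """Return {record_type: [field names, first-seen order]}; malformed lines are skipped."""
    seen = defaultdict(list)
    for line in lines:
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, body = m.group(1), m.group(4)
        for name in field_names(body):
            if name not in seen[rtype]:
                seen[rtype].append(name)
    return dict(seen)

if __name__ == "__main__":
    for rtype, fields in sorted(map_types_to_fields(SAMPLE_LOG.splitlines()).items()):
        print(f"{rtype:10} {' '.join(fields)}")
```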



