Using the audit system for non-security events
Klaus Heinrich Kiwi
klausk at linux.vnet.ibm.com
Wed May 28 21:00:34 UTC 2008
On Tue, 2008-05-27 at 14:08 -0400, Eric Paris wrote:
> I want thoughts on such a proposal. Obviously I'm going to ahve to
> put
> some real thought/care into how to handle 'overlapping' rules between
> security and non-security and stuff like that, but as a general idea
> what do people think?
At the risk of sounding like "we should take over the world", I think it
actually should be a good thing to have more users relying on the audit
subsystem, so I liked the idea.
Previously, on this same mailing list, we once discussed about using
fields to route records across different systems. Perhaps it's time for
us to have a real look at a more generic solution for this? (Not that
I'm against adding another field, but since record routing is necessary
for several reasons, wouldn't it be desirable to have the right
infrastructure in place to handle those, say, in auditctl?)
-Klaus
--
Klaus Heinrich Kiwi <klausk at linux.vnet.ibm.com>
Linux Security Development, IBM Linux Technology Center
More information about the Linux-audit
mailing list