A combined audit event message
Steve Grubb
sgrubb at redhat.com
Fri Feb 27 21:28:57 UTC 2009
On Friday 27 February 2009 04:21:37 pm Matthew Booth wrote:
> This has led me to explore combining records on the host
> before sending them out. I'm currently intending to produce messages
> like this
Combining like this means adding a new character '|' to the decision about
what constitutes an encoded field. Personally, I am not in favor of any
radical changes in the next 3-4 months. Just some slow evolution.
-Steve