A combined audit event message

Matthew Booth mbooth at redhat.com
Fri Feb 27 21:32:43 UTC 2009


Steve Grubb wrote:
> On Friday 27 February 2009 04:21:37 pm Matthew Booth wrote:
> >> This has led me to explore combining records on the host
>> before sending them out. I'm currently intending to produce messages
>> like this
> 
> Combining like this means adding a new character '|' to the decision about 
> what constitutes an encoded field. Personally, I am not in favor of any 
> radical changes in the next 3-4 months. Just some slow evolution.
> 
> -Steve

A good point. What are the existing characters? Maybe one of them would
be suitable.

I'm going to make this change to austream. However, if anybody else has
anything similar on their roadmap, or has given thought to this problem
before, I'd like to align with that. Ultimately I want to deprecate austream.

Matt
-- 
Matthew Booth, RHCA, RHCSS
Red Hat, Global Professional Services

M:       +44 (0)7977 267231
GPG ID:  D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490



