Events per System Call
Steve Grubb
sgrubb at redhat.com
Tue Aug 17 01:18:41 UTC 2010
On Monday, August 16, 2010 09:13:54 pm Steve Grubb wrote:
> > If i am taking my data stream through the af_unix socket built-in plugin
> > then will i get the audit_eoe event?
>
> For an audispd plugin, you would need to set the format parameter to
> binary.
Actually, looking at the auparse library code, it looks like the EOE event
comes through in the string format, too.
-Steve
More information about the Linux-audit
mailing list