Events per System Call

Basim Baig basimbaig at gmail.com
Tue Aug 17 02:56:11 UTC 2010


Thank you so much. I have done the painful work for the parser already :)
But I was trying to handle the parser like a state machine where I did not
know how events ended. With this in place it is complete!
Thanks!
Basim

On Tue, Aug 17, 2010 at 6:18 AM, Steve Grubb <sgrubb at redhat.com> wrote:

> On Monday, August 16, 2010 09:13:54 pm Steve Grubb wrote:
> > > If I am taking my data stream through the af_unix socket built-in plugin
> > > then will I get the audit_eoe event?
> >
> > For an audispd plugin, you would need to set the format parameter to
> > binary.
>
> Actually, looking at the auparse library code, it looks like the EOE event
> comes through in the string format, too.
>
> -Steve
>
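
An added example, not part of the original thread or the audit project's code: one way to group string-format audit records into events and close each event when its EOE record arrives, as discussed above. The function name `group_events` and the sample records are constructed for illustration.

```python
import re

# Every record of one event carries the same msg=audit(<timestamp>:<serial>) header.
HEADER = re.compile(r"type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):")

def group_events(lines):
    """Group audit records by (timestamp, serial); an EOE record closes its event.

    Returns (complete, pending): complete is a list of (key, [(type, line), ...])
    in the order the EOE records arrived; pending holds events with no EOE yet.
    """
    pending = {}
    complete = []
    for line in lines:
        m = HEADER.search(line)
        if not m:
            continue  # not an audit record, ignore it
        rtype, stamp, serial = m.groups()
        key = (stamp, int(serial))
        if rtype == "EOE":
            # End of event: hand over everything collected under this key.
            complete.append((key, pending.pop(key, [])))
        else:
            pending.setdefault(key, []).append((rtype, line))
    return complete, pending

# Constructed sample stream: event 501 is terminated by EOE, while
# events 502 and 503 have not seen an EOE record in this sample.
SAMPLE = """\
type=SYSCALL msg=audit(1282013771.101:501): arch=c000003e syscall=2 success=yes exit=3 pid=2001 comm="cat"
type=CWD msg=audit(1282013771.101:501): cwd="/root"
type=SYSCALL msg=audit(1282013771.105:502): arch=c000003e syscall=59 success=yes exit=0 pid=2002 comm="ls"
type=PATH msg=audit(1282013771.101:501): item=0 name="/etc/passwd"
type=EOE msg=audit(1282013771.101:501): 
type=EXECVE msg=audit(1282013771.105:502): argc=1 a0="ls"
type=USER_LOGIN msg=audit(1282013771.200:503): pid=2003 uid=0 res=success
""".splitlines()

if __name__ == "__main__":
    done, waiting = group_events(SAMPLE)
    for key, records in done:
        print("complete", key, [rtype for rtype, _ in records])
    for key, records in waiting.items():
        print("pending ", key, [rtype for rtype, _ in records])
```

Events left in `pending` need a separate flush policy (for example a timeout), since the parser cannot tell from the stream alone whether more records will follow.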