order of entries output from ausearch -i
AKASHI Takahiro
takahiro.akashi at linaro.org
Wed Nov 13 08:14:13 UTC 2013
Hi Steve
I followed your advise and verified my patch of AArch64 audit support
by comparing the output from
# autrace /bin/ls
# ausearch -i -p XXX | grep SYSCALL
with the output from
# strace /bin/ls
Here I found that the entries shown by "ausearch -i" are listed
partially in the order of lifo (Last In First Out?).
I don't think this behavior is "intuitive".
(As you know, ausearch without -i generates fifo order of outputs.)
Is there any good reason?
Thanks,
-Takahiro AKASHI
More information about the Linux-audit
mailing list