Repository of audit events

Eric Paris eparis at redhat.com
Wed Apr 9 16:32:34 UTC 2014


To the best of my knowledge there is no way to generate every record
type.  I did send sgrubb the beginnings of me trying to write a suite of
programs to exercise some of them for hopeful eventual inclusion in the
auparse checker tool...

I really think such a thing would be useful...

On Wed, 2014-04-09 at 16:25 +1000, Burn Alting wrote:
> All,
> 
> Does there exist a repository of audit events that could be used to test
> changes to the audit parsing code?
> 
> Although turning on 
> 
> -a always,exit -F arch=b32 -S all
> and
> -a always,exit -F arch=b64 -S all
> 
> for a while does tend to generate a lot of audit, it's clearly not
> exhaustive, so I am hoping we have some repositories that are shareable
> and one can test against.
> 
> Rgds
> 
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit




