How to audit socket close system call?

Jie Cui cuijiego at gmail.com
Fri Dec 19 06:06:52 UTC 2014


Hi all~
How to audit socket close system call?
I can audit the socket connection by 'connect' system call.
I can also audit the socket termination by 'shutdown' system call.
But I can't figure out how to audit when the socket is closed.
Does the 'close' system call work? However, all the file close events will
also be audited. That's not what I want.
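
One way to separate socket closes from file closes after the fact, as an added example that is not part of the original post: audit both `socket` and `close`, then keep only the `close` records whose fd argument was earlier returned by `socket` in the same process. The log lines are constructed samples, the function name is hypothetical, and x86_64 syscall numbers (41 = socket, 3 = close, 2 = open) are assumed.

```python
import re

# Constructed sample audit.log records (not taken from a real system).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1418969212.101:201): arch=c000003e syscall=41 success=yes exit=3 a0=2 a1=1 a2=0 a3=0 items=0 ppid=1 pid=4242 comm="client"
type=SYSCALL msg=audit(1418969212.105:202): arch=c000003e syscall=2 success=yes exit=4 a0=7ffd1000 a1=0 a2=0 a3=0 items=1 ppid=1 pid=4242 comm="client"
type=SYSCALL msg=audit(1418969212.110:203): arch=c000003e syscall=3 success=yes exit=0 a0=4 a1=0 a2=0 a3=0 items=0 ppid=1 pid=4242 comm="client"
type=SYSCALL msg=audit(1418969212.120:204): arch=c000003e syscall=3 success=yes exit=0 a0=3 a1=0 a2=0 a3=0 items=0 ppid=1 pid=4242 comm="client"
type=SYSCALL msg=audit(1418969212.130:205): arch=c000003e syscall=3 success=yes exit=0 a0=3 a1=0 a2=0 a3=0 items=0 ppid=1 pid=5000 comm="other"
"""

SYS_SOCKET, SYS_CLOSE = 41, 3          # x86_64 numbers (assumption)
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def socket_closes(log_text):
    """Return (serial, pid, fd, comm) for each close() of an fd that an
    audited socket() call returned earlier in the same pid.

    Limitation: fds obtained via accept(), dup() or inherited across
    fork() are not tracked here.
    """
    open_socks = set()                 # (pid, fd) pairs known to be sockets
    closes = []
    for line in log_text.splitlines():
        if not line.startswith("type=SYSCALL"):
            continue
        f = dict(FIELD.findall(line))
        if f.get("arch") != "c000003e" or f.get("success") != "yes":
            continue
        pid, nr = int(f["pid"]), int(f["syscall"])
        if nr == SYS_SOCKET:
            open_socks.add((pid, int(f["exit"])))   # exit= is the new fd (decimal)
        elif nr == SYS_CLOSE:
            fd = int(f["a0"], 16)                   # a0..a3 are logged in hex
            if (pid, fd) in open_socks:
                open_socks.discard((pid, fd))
                serial = int(re.search(r":(\d+)\)", f["msg"]).group(1))
                closes.append((serial, pid, fd, f["comm"].strip('"')))
    return closes

if __name__ == "__main__":
    for rec in socket_closes(SAMPLE_LOG):
        print("socket close: serial=%d pid=%d fd=%d comm=%s" % rec)
```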