auditd 2.0.5 and 2.2 log format changes
Steve Grubb
sgrubb at redhat.com
Tue May 20 15:31:38 UTC 2014
On Tue, 20 May 2014 18:18:14 +0300
Ismail Yenigul <ismailyenigul at gmail.com> wrote:
> I have a scipt to correlate(for user friendly report) auditd 2.2
> version logs. It works on RedHat.
> We have suse 11.4 server running audit 2.0.5 version .
>
> I could not see any major log format difference between two version.
> I see that there is nametype=NORMAL field difference at the end of
> each line for version 2.2.
This is not related to auditd. This is a change in the kernel. Auditd
just distributes events to disk and other applications.
> Is there any other log format changes between two versions?
There are likely differences in the kernels (and possibly user space
apps). I have no idea what they are.
-Steve
More information about the Linux-audit
mailing list