Audit message format change history.
Kangkook Jee
aixer77 at gmail.com
Mon Oct 6 16:04:53 UTC 2014
Hi, all
I’m trying to build a generic audit client that works across a wide range of Linux distributions from very old ones (e.g., CentOS 5.x) to relatively recent distributions (e.g., Ubuntu 13.x or 14.x).
In the course of developing it, I found out that the audit message format differs from distribution to distribution. For instance, earlier kernel versions do not emit EOE messages to signify the end of logging for a system call.
Could anyone give me a pointer to where I can track the message format history? If you don't have any single location or document for it, a piece of advice on how I can track it myself in an efficient way would also be very helpful.
Thanks a lot for your help in advance!
Regards, Kangkook
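As an added illustration of the EOE difference mentioned above (example code written for this page, not from the original post or from the audit project): a small Python grouper that closes an event on a `type=EOE` record when the kernel emits one, and otherwise falls back to a change in the event serial in the `msg=audit(ts:serial)` header. The sample records are constructed, not captured from a real system, and the fallback assumes records of one event are contiguous, as they are in a serialised auditd log file.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Every audit record starts with a header of the form
#   type=<TYPE> msg=audit(<seconds>.<millis>:<serial>): <body>
# and all records belonging to one event share the same timestamp:serial pair.
HEADER_RE = re.compile(
    r'^type=(?P<type>\S+)\s+msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$'
)


@dataclass
class Event:
    serial: int
    timestamp: str
    records: List[Tuple[str, str]] = field(default_factory=list)
    terminated_by_eoe: bool = False


def parse_record(line: str) -> Optional[Tuple[str, str, int, str]]:
    """Split one raw audit line into (type, timestamp, serial, body); None if it is not a record."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    return m.group("type"), m.group("ts"), int(m.group("serial")), m.group("body")


def group_events(lines) -> List[Event]:
    """Group raw audit records into events.

    On kernels that emit type=EOE the event is closed by that record. On older kernels
    there is no EOE, so the event is closed when a record with a different serial
    arrives (or at end of input). The fallback assumes the records of one event are
    contiguous in the input, which holds for a serialised auditd log file.
    """
    events: List[Event] = []
    current: Optional[Event] = None
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue  # blank or non-record line
        rtype, ts, serial, body = rec
        if current is not None and current.serial != serial:
            # Serial changed without an EOE: old-kernel fallback, close the previous event.
            events.append(current)
            current = None
        if current is None:
            current = Event(serial=serial, timestamp=ts)
        if rtype == "EOE":
            current.terminated_by_eoe = True
            events.append(current)
            current = None
        else:
            current.records.append((rtype, body))
    if current is not None:
        events.append(current)
    return events


def stream_uses_eoe(events: List[Event]) -> bool:
    """True if at least one event in the stream was closed by an explicit EOE record."""
    return any(e.terminated_by_eoe for e in events)


def syscall_number(event: Event) -> Optional[int]:
    """Extract syscall=<n> from the SYSCALL record of an event, if present."""
    for rtype, body in event.records:
        if rtype == "SYSCALL":
            m = re.search(r'\bsyscall=(\d+)', body)
            if m:
                return int(m.group(1))
    return None


# Constructed sample records (not captured from a real system), shaped like auditd log lines.
# Newer kernel: each event ends with an EOE record.
SAMPLE_WITH_EOE = """\
type=SYSCALL msg=audit(1412611493.100:101): arch=c000003e syscall=2 success=yes exit=3 items=1 pid=1234 auid=1000 uid=1000 comm="cat" exe="/bin/cat" key="etc-watch"
type=CWD msg=audit(1412611493.100:101):  cwd="/home/user"
type=PATH msg=audit(1412611493.100:101): item=0 name="/etc/passwd" inode=1234 dev=08:01 mode=0100644 ouid=0 ogid=0
type=EOE msg=audit(1412611493.100:101): 
type=SYSCALL msg=audit(1412611493.200:102): arch=c000003e syscall=2 success=no exit=-13 items=1 pid=1234 auid=1000 uid=1000 comm="cat" exe="/bin/cat" key="etc-watch"
type=PATH msg=audit(1412611493.200:102): item=0 name="/etc/shadow" inode=1235 dev=08:01 mode=0100000 ouid=0 ogid=42
type=EOE msg=audit(1412611493.200:102): 
"""

# Older kernel: the same events without EOE; only the serial change marks the boundary.
SAMPLE_WITHOUT_EOE = "\n".join(
    l for l in SAMPLE_WITH_EOE.splitlines() if not l.startswith("type=EOE")
) + "\n"


if __name__ == "__main__":
    for label, sample in (("with EOE", SAMPLE_WITH_EOE), ("without EOE", SAMPLE_WITHOUT_EOE)):
        evs = group_events(sample.splitlines())
        print(f"{label}: {len(evs)} events, stream_uses_eoe={stream_uses_eoe(evs)}")
        for e in evs:
            print(f"  serial={e.serial} records={[t for t, _ in e.records]} syscall={syscall_number(e)}")
```

A client that has to run on both kinds of kernel can call `stream_uses_eoe` on an initial batch of events to decide which terminator it is seeing. Note that the serial-change fallback cannot cope with records of different events interleaving, which can happen on a busy system when reading directly from the audit socket; a production parser keys open events by serial and closes them on EOE or after a timeout instead.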