Definitive guide for audit message types

Steve Grubb sgrubb at redhat.com
Sat Oct 11 22:01:52 UTC 2014


On Fri, 10 Oct 2014 09:58:48 -0700
William Roberts <bill.c.roberts at gmail.com> wrote:
> For audit log records, the type field can be something like 1400 for
> an AVC event. I know on the desktop it formats these all to the pretty
> names IIRC, however I am on Android and we're not quite as advanced
> yet. Is there a definitive guide for each number what they correspond
> to besides cracking open the header files?

The kernel headers and libaudit headers are the literal definitive
source. They can be seen here:

https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/include/uapi/linux/audit.h?id=refs/tags/v3.16.5#n30

and

https://fedorahosted.org/audit/browser/trunk/lib/libaudit.h#L40

-Steve
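
As an added example (not part of the original post and not code from the audit project), a header's `#define` lines can be turned into a number-to-name table and applied to raw records such as `type=1400`. The header excerpt and log lines below are constructed samples, the helper names are hypothetical, and the 1000-2999 filter is an assumption about where message types sit.

```python
import re

# Constructed excerpt in the style of include/uapi/linux/audit.h (not the full file).
HEADER_EXCERPT = """\
#define AUDIT_FIRST_USER_MSG 1100
#define AUDIT_USER_AVC       1107
#define AUDIT_LAST_USER_MSG  1199
#define AUDIT_SYSCALL        1300
#define AUDIT_PATH           1302
#define AUDIT_CWD            1307
#define AUDIT_AVC            1400
#define AUDIT_SELINUX_ERR    1401
#define AUDIT_MAX_FIELDS     64
#define AUDIT_PID            0
"""

# Constructed sample records as they appear without name translation.
SAMPLE_LOG = [
    'type=1400 audit(1412960328.251:7): avc: denied { read } for pid=1234 tclass=file',
    'type=1300 audit(1412960328.251:7): arch=40000028 syscall=5 success=no',
    'type=1999 audit(1412960328.300:8): msg=example',
]

DEFINE_RE = re.compile(r"^\s*#define\s+AUDIT_(\w+)\s+(\d+)\b", re.M)
TYPE_RE = re.compile(r"\btype=(\d+)\b")

def load_types(header_text):
    """Build {type number: name} from the #define lines of a header."""
    types = {}
    for name, value in DEFINE_RE.findall(header_text):
        num = int(value)
        # Assumption: message types are 1000-2999; smaller values are
        # rule fields and limits that reuse the AUDIT_ prefix.
        if not 1000 <= num <= 2999:
            continue
        # FIRST_/LAST_ defines mark range boundaries, not record types.
        if name.startswith(("FIRST_", "LAST_")):
            continue
        types.setdefault(num, name)
    return types

def name_types(line, types):
    """Rewrite type=<number> as type=<NAME>, or type=UNKNOWN[<number>]."""
    def repl(m):
        num = int(m.group(1))
        return "type=" + types.get(num, "UNKNOWN[%d]" % num)
    return TYPE_RE.sub(repl, line)

if __name__ == "__main__":
    table = load_types(HEADER_EXCERPT)
    for record in SAMPLE_LOG:
        print(name_types(record, table))
```

To use it on a real device log, pass the text of both headers linked above to `load_types` instead of the excerpt.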




More information about the Linux-audit mailing list