New field to auditd.conf file

Deepika Sundar sundar.deepika18 at gmail.com
Thu Apr 21 05:25:35 UTC 2016


Okay. If I update ausearch/aureport so that they are aware of the new field
in the audit log structure, would that be feasible?

On Wed, Apr 20, 2016 at 6:00 PM, Steve Grubb <sgrubb at redhat.com> wrote:

> On Wednesday, April 20, 2016 10:05:42 AM Deepika Sundar wrote:
> > In general, are there any compatibility issues if the audit log structure
> > gets modified?
>
> Yes, there can be problems if the log structure gets modified.
> Ausearch/report are highly optimized for an exact format.
>
> -Steve
>
>
> > On Wed, Apr 13, 2016 at 6:01 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> > > On Wednesday, April 13, 2016 11:03:43 AM Deepika Sundar wrote:
> > > > As per my understanding, the audit log structure can be extended based on
> > > > requirements, and in my project I need to add an identifier field for the
> > > > application. As of now I am not able to reveal what application I am
> > > > trying to develop to update. So, is there any possibility that I can do it
> > > > without breaking compatibility?
> > >
> > > I have no idea what you are doing so there is no guarantee that it won't
> > > break something. If your project is going to be released as open source it's
> > > generally best to collaborate with people so that problems can be pointed
> > > out. Otherwise you risk spending a lot of time on something only to have it
> > > rejected.
> > >
> > > -Steve
> > >
> > > > Or, if there are any compatibility issues, please specify.
> > > >
> > > > On Fri, Apr 8, 2016 at 12:12 AM, Paul Moore <paul at paul-moore.com> wrote:
> > > > > On Thu, Apr 7, 2016 at 12:47 AM, Deepika Sundar
> > > > > <sundar.deepika18 at gmail.com> wrote:
> > > > > > In the same way, on the kernel side,
> > > > > > can I add one new field to the audit log structure without breaking
> > > > > > compatibility? If so,
> > > > > >
> > > > > >   1. How can I add a new field without breaking compatibility?
> > > > > >
> > > > > >      or
> > > > > >
> > > > > >   2. Is there any reserved field in the audit log structure that I can
> > > > > >      make use of?
> > > > >
> > > > > You need to be more specific about what you are trying to do.
> > > > > Speaking generally, unless you work to get your changes merged into
> > > > > the upstream kernel and userspace tools we cannot guarantee present or
> > > > > future compatibility.
> > > > >
> > > > > --
> > > > > paul moore
> > > > > www.paul-moore.com
>
>