New field to auditd.conf file

Thu Apr 21 12:58:23 UTC 2016

As we've already mentioned several times, we can make no guarantees
regarding functionality or compatibility without seeing your code.
While it may be frustrating, this is how Open Source development
works.

If you are interested in our help you will need to describe, in
detail, what you are trying to do and ideally post your existing code
so it can be reviewed.

On Thu, Apr 21, 2016 at 1:25 AM, Deepika Sundar
<sundar.deepika18 at gmail.com> wrote:
> Okay,If I update the Ausearch/aureport in order to aware of the new field in
> the audit log structure can it be feasible one?
>
> On Wed, Apr 20, 2016 at 6:00 PM, Steve Grubb <sgrubb at redhat.com> wrote:
>>
>> On Wednesday, April 20, 2016 10:05:42 AM Deepika Sundar wrote:
>> > In general way,Is there any compatibility issues if audit log structure
>> > gets modified?
>>
>> Yes, there can be problems if the log structure gets modified.
>> Ausearch/report
>> are highly optimized for an exact format.
>>
>> -Steve
>>
>>
>> > On Wed, Apr 13, 2016 at 6:01 PM, Steve Grubb <sgrubb at redhat.com> wrote:
>> > > On Wednesday, April 13, 2016 11:03:43 AM Deepika Sundar wrote:
>> > > > As per my understanding audit log structure can be extendible based
>> > > > on
>> > > > requirements and in my project I need to add the identifier field
>> > > > for
>> > > > the
>> > > > application and as of now I couldn't able to revel the What
>> > > > application
>> > > > trying to develop to update.So,Is there any possibility that without
>> > > > breaking any Compatibility issues I can do it ?
>> > >
>> > > I have no idea what you are doing so there is no guarantee that it
>> > > won't
>> > > break
>> > > something. If your project is going to be released as open source its
>> > > generally best to collaborate with people so that problems can be
>> > > pointed
>> > > out.
>> > > Otherwise you risk spending a lot of time on something only to have it
>> > > rejected.
>> > >
>> > > -Steve
>> > >
>> > > > OR If any compatibility issues please specify .
>> > > >
>> > > > On Fri, Apr 8, 2016 at 12:12 AM, Paul Moore <paul at paul-moore.com>
>> > > > wrote:
>> > > > > On Thu, Apr 7, 2016 at 12:47 AM, Deepika Sundar
>> > > > >
>> > > > > <sundar.deepika18 at gmail.com> wrote:
>> > > > > > In the same way, in the kernel side
>> > > > > > Can I able to add one new field to the audit log structure
>> > > > > > without
>> > > > >
>> > > > > breaking
>> > > > >
>> > > > > > Compatibility? If so,
>> > > > > >
>> > > > > >   1.How can I add new field without breaking compatibility?
>> > > > > >
>> > > > > >      or
>> > > > > >
>> > > > > >   2.Is there any reserve field in audit log structure so that I
>> > > > > > can
>> > >
>> > > make
>> > >
>> > > > > use
>> > > > >
>> > > > > >     of it?
>> > > > >
>> > > > > You need to be more specific about what you are trying to do.
>> > > > > Speaking generally, unless you work to get your changed merged
>> > > > > into
>> > > > > the upstream kernel and userspace tools we cannot guarantee
>> > > > > present or
>> > > > > future compatibility.
>> > > > >
>> > > > > --
>> > > > > paul moore
>> > > > > www.paul-moore.com
>>
>
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit

-- 
paul moore
security @ redhat