Reserved fields in audit log structure
Steve Grubb
sgrubb at redhat.com
Fri Feb 12 18:54:15 UTC 2016
On Thursday, February 11, 2016 11:42:27 AM Sowndarya K wrote:
> What are the reserved fields in audit log structure?
There are known fields that kind of mean reserved because we expect them to be
a certain way. Its documented here:
http://people.redhat.com/sgrubb/audit/audit-events.txt
and a test suite to verify events are searchable here:
http://people.redhat.com/sgrubb/audit/ausearch-test-0.5.tar.gz
And we need to continue work on the validation suite so that it can be used to
check events completely.
-Steve
More information about the Linux-audit
mailing list