Audit log Fields

Steve Grubb sgrubb at redhat.com
Fri Feb 12 18:57:15 UTC 2016


On Thursday, February 11, 2016 06:07:56 PM Sowndarya K wrote:
> As of now there are so many proposed fields in the audit event log, if I
> wanted to one proposed field which is of not use as much, which one can I
> choose for?

The audit event known fields is kind of an agreement on what field names shall
be and what goes in them. There is a larger context in that events of the same
type must have the same fields, in the same order, and using the same
representation. Otherwise no one can ever analyse events because nothing has
order.

So, what is it you are trying to do? That would be a more helpful question so 
that we can give you a more rounded answer.

-Steve
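
Added example, not part of the original message or of the audit project's code: a Python check for the consistency rule described in the reply, flagging records whose field names or order differ from the most common layout seen for their type. The sample records are constructed and simplified, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed, simplified sample records (not taken from the original message).
SAMPLE = """\
type=USER_LOGIN msg=audit(1455303435.101:201): pid=811 uid=0 auid=1000 ses=3 res=success
type=USER_LOGIN msg=audit(1455303436.412:202): pid=812 uid=0 auid=1001 ses=4 res=failed
type=USER_LOGIN msg=audit(1455303437.733:203): pid=813 auid=1002 uid=0 ses=5 res=success
type=USER_END msg=audit(1455303438.020:204): pid=811 uid=0 auid=1000 ses=3 res=success
type=USER_END msg=audit(1455303439.250:205): pid=812 uid=0 auid=1001 res=success
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$")
FIELD = re.compile(r"([\w-]+)=(\"[^\"]*\"|'[^']*'|\S+)")

def parse(line):
    """Return (type, serial, ordered field names), or None for a non-audit line."""
    m = HEADER.match(line)
    if not m:
        return None
    rtype, _timestamp, serial, body = m.groups()
    return rtype, int(serial), tuple(name for name, _ in FIELD.findall(body))

def layout_deviations(text):
    """Map each record type to the records whose field layout (names and
    order) differs from the most common layout seen for that type."""
    by_type = defaultdict(list)
    for line in text.splitlines():
        rec = parse(line)
        if rec:
            by_type[rec[0]].append(rec[1:])
    report = {}
    for rtype, recs in by_type.items():
        # On a tie, the layout seen first becomes the baseline.
        baseline = Counter(fields for _, fields in recs).most_common(1)[0][0]
        bad = [(serial, fields) for serial, fields in recs if fields != baseline]
        if bad:
            report[rtype] = {"baseline": baseline, "deviations": bad}
    return report

if __name__ == "__main__":
    for rtype, info in layout_deviations(SAMPLE).items():
        print(rtype, "expected", " ".join(info["baseline"]))
        for serial, fields in info["deviations"]:
            print("  serial", serial, "has", " ".join(fields))
```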
