AUDIT_NETFILTER_PKT message format

Paul Moore paul at paul-moore.com
Fri Feb 17 01:57:24 UTC 2017


[NOTE: I'll respond back to the other part of your email later but I'm
running out of time in the day and this was a quick but important
response]

On Thu, Feb 16, 2017 at 5:36 PM, Richard Guy Briggs <rgb at redhat.com> wrote:
> Steve has requested the subject attributes which prefixes 7 fields.

I already commented on this earlier in this thread - or some other
related thread, I've lost track, but both you and Steve were on the
To/CC line - last time I checked, you can't reliably link packets to
the sender/subject in the netfilter hooks (I'll be shocked if this has
changed).  The best you can do in some cases is to link the packet to
the socket, and that isn't going to help you.

-- 
paul moore
www.paul-moore.com



