Help with audit syscall event output

Ankitha Kundhuru akundhuru at cs.stonybrook.edu
Tue Sep 3 21:15:29 UTC 2019


Hi All,

Any help is greatly appreciated.

My piece of code can read the audit.log file and process it. But when I enable
a good number of syscalls, the disk gets filled really quickly (15GB for half a
day's usage).
I wanted to know if there is a way to directly get the events from the
userspace audit daemon instead of writing them to a file. The plan is that my
application should process the events as soon as they are created.
Please suggest a way if one exists.

Thanks in advance.

Thanks & Regards,
Ankitha Kundhuru