Unhelpful events

Steve Grubb sgrubb at redhat.com
Mon Jun 7 15:32:55 UTC 2021


Hello,

While patching up the event normalizer, I ran across these events which 
really have no useful information:

type=BPF msg=audit(1622913714.840:15017): prog-id=137 op=UNLOAD

type=TIME_INJOFFSET msg=audit(1622547739.500:4): sec=0 nsec=486383948

type=NETFILTER_CFG msg=audit(06/06/2021 08:44:53.947:976) : table=filter 
family=bridge entries=0 op=xt_unregister pid=5833 
subj=system_u:system_r:kernel_t:s0 comm=kworker/u16:3

Either their syscall record is missing or they simply do not have all the 
necessary information. (Subject, action, object, results)

-Steve
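
The gap described in the message above, as an added example that is not part of the original post and is not auparse code: a small Python check that parses the three quoted records and reports which of the four parts (subject, action, object, results) no field can supply. The field-to-part mapping in `CATEGORIES` is an assumption of this example and is far simpler than the real normalizer.

```python
import re

# Assumed mapping for this example only: field names that could supply
# each part of a normalized event.
CATEGORIES = {
    "subject": {"auid", "uid", "pid", "subj", "comm", "exe"},
    "action": {"op", "syscall"},
    "object": {"name", "path", "table", "prog-id"},
    "results": {"res", "success", "exit"},
}

# Header covers both raw (epoch) and interpreted (date) timestamp forms.
HEADER = re.compile(r"type=(\S+)\s+msg=audit\(([^)]*):(\d+)\)\s*:?\s*(.*)")
FIELD = re.compile(r'([\w-]+)=("[^"]*"|\S+)')

def parse_record(text):
    """Split one audit record into (type, timestamp, serial, fields)."""
    m = HEADER.match(" ".join(text.split()))  # undo e-mail line wrapping
    if m is None:
        raise ValueError("not an audit record: %r" % text[:40])
    rtype, stamp, serial, body = m.groups()
    return rtype, stamp, int(serial), dict(FIELD.findall(body))

def missing_parts(fields):
    """Return the parts for which the record carries no field at all."""
    return [c for c, names in CATEGORIES.items() if names.isdisjoint(fields)]

def report(records):
    """Map each record type to the list of parts it cannot supply."""
    out = {}
    for rec in records:
        rtype, _, _, fields = parse_record(rec)
        out[rtype] = missing_parts(fields)
    return out

# The three records quoted in the message above.
SAMPLES = [
    "type=BPF msg=audit(1622913714.840:15017): prog-id=137 op=UNLOAD",
    "type=TIME_INJOFFSET msg=audit(1622547739.500:4): sec=0 nsec=486383948",
    "type=NETFILTER_CFG msg=audit(06/06/2021 08:44:53.947:976) : table=filter "
    "family=bridge entries=0 op=xt_unregister pid=5833 "
    "subj=system_u:system_r:kernel_t:s0 comm=kworker/u16:3",
]

if __name__ == "__main__":
    for rtype, missing in report(SAMPLES).items():
        print("%-15s missing: %s" % (rtype, ", ".join(missing) or "none"))
```
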




