[PATCH 2/2] audit: add filterkey to special audit messages
Sven Schnelle
svens at linux.ibm.com
Wed May 4 05:22:54 UTC 2022
Paul Moore <paul at paul-moore.com> writes:
> On Tue, May 3, 2022 at 5:02 AM Sven Schnelle <svens at linux.ibm.com> wrote:
>>
>> For automated filtering/testing it is useful to have the
>> filter key logged in the message.
>>
>> Signed-off-by: Sven Schnelle <svens at linux.ibm.com>
>> ---
>> kernel/auditsc.c | 1 +
>> 1 file changed, 1 insertion(+)
>
> The SOCKETCALL record, along with all of the others generated inside
> show_special(), are associated with a SYSCALL record which carries the
> "key=" field. As a general rule we try very hard not to duplicate
> fields across records in a single audit event.
Ok, thanks. Guess you can ignore both patches than.
Thanks!
More information about the Linux-audit
mailing list