* type=SYSCALL, key= field?
@ 2006-07-31 18:09 Michael C Thompson
2006-07-31 18:19 ` Steve Grubb
0 siblings, 1 reply; 2+ messages in thread
From: Michael C Thompson @ 2006-07-31 18:09 UTC (permalink / raw)
To: Linux Audit, Steve Grubb
Hey all,
I'm looking though the audit logs, and I'm wondering what exactly this
key field is in the SYSCALL audit record. I've always seen its value be
(null).
I'm not sure what this is meant to be related to, any clues?
Thanks,
Mike
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: type=SYSCALL, key= field?
2006-07-31 18:09 type=SYSCALL, key= field? Michael C Thompson
@ 2006-07-31 18:19 ` Steve Grubb
0 siblings, 0 replies; 2+ messages in thread
From: Steve Grubb @ 2006-07-31 18:19 UTC (permalink / raw)
To: Michael C Thompson; +Cc: Linux Audit
On Monday 31 July 2006 14:09, Michael C Thompson wrote:
> I'm not sure what this is meant to be related to, any clues?
auditctl -a always,exit -S open -F key=something
It's so that you can label the event with any information an admin wants.
-Steve
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-07-31 18:19 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-07-31 18:09 type=SYSCALL, key= field? Michael C Thompson
2006-07-31 18:19 ` Steve Grubb
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.