datastructures sent by auditSubsystem to audit daemon

datastructures sent by auditSubsystem to audit daemon

[Abhishek Gupta]

[-- Attachment #1.1: Type: text/plain, Size: 169 bytes --]

Which are the specific datastructures(containing various fields such as
events,etc) that is sent by auditSubsystem to audit daemon?
And in which file they are present..

[-- Attachment #1.2: Type: text/html, Size: 176 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

Re: datastructures sent by auditSubsystem to audit daemon

[Steve Grubb]

On Thursday 13 December 2007 03:23:34 Abhishek Gupta wrote:
> Which are the specific datastructures(containing various fields such as
> events,etc) that is sent by auditSubsystem to audit daemon?

Its not a data structure. The kernel sends a text string to the audit daemon 
via the netlink interface. The audit daemon takes the message type number and 
looks it up to get the text string for that type and substitutes that when it 
writes to disk so that its a little more friendly to view.

> And in which file they are present..

Typically, they are written to /var/log/audit/audit.log. You can see the 
messages there and they are basically unaltered.

-Steve