* type=SYSCALL, key= field?
From: Michael C Thompson @ 2006-07-31 18:09 UTC (permalink / raw)
To: Linux Audit, Steve Grubb
Hey all,

I'm looking through the audit logs, and I'm wondering what exactly this
key field is in the SYSCALL audit record. I've always seen its value be
(null).

I'm not sure what this is meant to be related to, any clues?

Thanks,
Mike
* Re: type=SYSCALL, key= field?
From: Steve Grubb @ 2006-07-31 18:19 UTC (permalink / raw)
To: Michael C Thompson; +Cc: Linux Audit
On Monday 31 July 2006 14:09, Michael C Thompson wrote:
> I'm not sure what this is meant to be related to, any clues?
auditctl -a always,exit -S open -F key=something
It's so that you can label the event with any information an admin wants.
-Steve
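
Added example, not part of either message and not code from the audit project: a small parser that reads the key= field of SYSCALL records and groups event serials by key, so events labelled by a rule like the one above can be pulled out of a log. The sample records are constructed; handling of a hex-encoded value carrying several keys joined by 0x01 goes beyond what the thread covers.

```python
import re
from collections import defaultdict

# Constructed sample records (not taken from the thread), fields trimmed.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1154369340.101:412): arch=c000003e syscall=2 success=yes exit=3 pid=2101 uid=0 comm="cat" key="something"
type=PATH msg=audit(1154369340.101:412): item=0 name="/etc/shadow" inode=1234
type=SYSCALL msg=audit(1154369341.230:413): arch=c000003e syscall=2 success=no exit=-13 pid=2107 uid=500 comm="less" key="something"
type=SYSCALL msg=audit(1154369342.007:414): arch=c000003e syscall=59 success=yes exit=0 pid=2110 uid=500 comm="ls" key=(null)
type=SYSCALL msg=audit(1154369343.555:415): arch=c000003e syscall=2 success=yes exit=3 pid=2111 uid=0 comm="vi" key=736F6D657468696E67016F70656E73
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
SERIAL_RE = re.compile(r'msg=audit\(\d+\.\d+:(\d+)\)')


def decode_keys(raw):
    """Turn one key= value into the list of rule keys it carries."""
    if raw == "(null)":
        return []  # the matching rule had no key
    if raw.startswith('"'):
        return [raw.strip('"')]
    # Unquoted value: hex-encoded by the kernel, which happens when several
    # rule keys are joined with a 0x01 separator.
    try:
        return bytes.fromhex(raw).decode("utf-8", "replace").split("\x01")
    except ValueError:
        return [raw]  # not hex after all; keep the text as written


def parse_syscall(line):
    """Return serial, syscall number and keys for a SYSCALL record, else None."""
    serial = SERIAL_RE.search(line)
    if not line.startswith("type=SYSCALL ") or serial is None:
        return None
    fields = dict(FIELD_RE.findall(line))
    return {"serial": int(serial.group(1)),
            "syscall": int(fields["syscall"]),
            "keys": decode_keys(fields.get("key", "(null)"))}


def events_by_key(log_text):
    """Map each key (None for unkeyed events) to the event serials carrying it."""
    index = defaultdict(list)
    for line in log_text.splitlines():
        record = parse_syscall(line)
        if record is not None:
            for key in record["keys"] or [None]:
                index[key].append(record["serial"])
    return dict(index)
```

On a host running auditd, ausearch -k something performs the same lookup against the real log.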