From: Steve Grubb
Subject: Re: auditd 2.0.5 and 2.2 log format changes
Date: Tue, 20 May 2014 14:38:05 -0400
Message-ID: <20140520143805.0e732256@ivy-bridge>
References: <20140520113138.5e08d5e2@ivy-bridge> <1400605344.20791.4.camel@flatline.rdu.redhat.com>
To: Ismail Yenigul
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Tue, 20 May 2014 21:23:59 +0300
Ismail Yenigul wrote:

> By the way, do you have a plan to use Solaris bsm style output. All
> info stored in a single line in bsm output.

The simple answer, no. The design of the linux audit system is different than the Solaris audit system. The multiple lines come from different parts of the kernel contributing what it knows about the syscall once it's been determined to be an event of interest.

> This is more human friendly output.

There are some plans to make the output easier to understand. It's just that there are other problems that need fixing before work can start on that.

-Steve
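
Added example, not part of the original message and not code from the audit project: the records that different parts of the kernel emit for one event share the same audit(timestamp:serial) ID, so a log consumer can merge them into one line per event. The sample records, the function names and the flattened output layout are all constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample records (not from the original thread): one open() of
# /etc/shadow and one failed unlink(), each split across several records.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1400610000.123:501): arch=c000003e syscall=2 success=yes exit=3 pid=2210 uid=0 comm="cat" exe="/usr/bin/cat"
type=CWD msg=audit(1400610000.123:501):  cwd="/root"
type=PATH msg=audit(1400610000.123:501): item=0 name="/etc/shadow" inode=1835 mode=0100000
type=SYSCALL msg=audit(1400610002.456:502): arch=c000003e syscall=87 success=no exit=-13 pid=2215 uid=1000 comm="rm" exe="/usr/bin/rm"
type=PATH msg=audit(1400610002.456:502): item=0 name="/etc/" inode=12 mode=040755
type=PATH msg=audit(1400610002.456:502): item=1 name="/etc/hosts" inode=77 mode=0100644
"""

RECORD_RE = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def group_events(log_text):
    """Group records by (timestamp, serial); return {event_id: [(type, fields)]}."""
    events = OrderedDict()
    for line in log_text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than guessing
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(body)}
        events.setdefault((ts, int(serial)), []).append((rtype, fields))
    return events

def flatten(event_id, records):
    """Render one event as a single line; repeated record types get an index."""
    ts, serial = event_id
    parts = [f"time={ts}", f"serial={serial}"]
    seen = {}
    for rtype, fields in records:
        n = seen.get(rtype, 0)
        seen[rtype] = n + 1
        prefix = f"{rtype.lower()}{n}"
        parts += [f"{prefix}.{k}={v}" for k, v in fields.items()]
    return " ".join(parts)

if __name__ == "__main__":
    for eid, recs in group_events(SAMPLE_LOG).items():
        print(flatten(eid, recs))
```

Values that contain spaces would need re-quoting in the flattened line; the constructed sample avoids them.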