Definitive guide for audit message types

Definitive guide for audit message types

[William Roberts]

For audit log records, the type field can be something like 1400 for
an AVC event. I know on the desktop it formats these all to the pretty
names IIRC, however I am on Android and were not quite as advanced
yet. Is their a definitive guide for each number what they correspond
to besides cracking open the header files?

Thanks.

-- 
Respectfully,

William C Roberts

Re: Definitive guide for audit message types

[Steve Grubb]

On Fri, 10 Oct 2014 09:58:48 -0700
William Roberts <bill.c.roberts@gmail.com> wrote:
> For audit log records, the type field can be something like 1400 for
> an AVC event. I know on the desktop it formats these all to the pretty
> names IIRC, however I am on Android and were not quite as advanced
> yet. Is their a definitive guide for each number what they correspond
> to besides cracking open the header files?

The kernel headers and libaudit headers are the literal definitive
source. They can be seen here:

https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/include/uapi/linux/audit.h?id=refs/tags/v3.16.5#n30

and

https://fedorahosted.org/audit/browser/trunk/lib/libaudit.h#L40

-Steve