* auditing of process exit
@ 2014-12-14 3:26 Hassan Sultan
2014-12-15 12:58 ` Steve Grubb
0 siblings, 1 reply; 2+ messages in thread
From: Hassan Sultan @ 2014-12-14 3:26 UTC (permalink / raw)
To: linux-audit
Hi,
I can't figure out how to get audit log entries for process termination.
Abnormal process termination auditing occurs, however for NORMAL process
termination, I can't find anything.
I tried the syscall route, using the exit syscall, however this does not
seem to work, maybe because it logs on exit of the syscall and that call
never returns ?
How can I get a log of all processes exiting then ?
Thanks,
Hassan
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: auditing of process exit
2014-12-14 3:26 auditing of process exit Hassan Sultan
@ 2014-12-15 12:58 ` Steve Grubb
0 siblings, 0 replies; 2+ messages in thread
From: Steve Grubb @ 2014-12-15 12:58 UTC (permalink / raw)
To: linux-audit; +Cc: Hassan Sultan
On Saturday, December 13, 2014 07:26:09 PM Hassan Sultan wrote:
> I can't figure out how to get audit log entries for process termination.
>
> Abnormal process termination auditing occurs, however for NORMAL process
> termination, I can't find anything.
Programs typically call exit_group(2) which terminates all threads.
-Steve
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-12-15 12:58 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-12-14 3:26 auditing of process exit Hassan Sultan
2014-12-15 12:58 ` Steve Grubb
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).