* How to identify failed syscalls
@ 2013-10-25 10:26 Leam Hall
2013-10-25 12:41 ` Steve Grubb
0 siblings, 1 reply; 2+ messages in thread
From: Leam Hall @ 2013-10-25 10:26 UTC (permalink / raw)
To: linux-audit
Running aureport gives me a lot of failed syscalls. How do I identify
what syscalls are failing and what is calling them?
Thanks!
Leam
--
http://31challenge.net
http://31challenge.net/insight
* Re: How to identify failed syscalls
2013-10-25 10:26 How to identify failed syscalls Leam Hall
@ 2013-10-25 12:41 ` Steve Grubb
0 siblings, 0 replies; 2+ messages in thread
From: Steve Grubb @ 2013-10-25 12:41 UTC (permalink / raw)
To: linux-audit
On Friday, October 25, 2013 06:26:20 AM Leam Hall wrote:
> Running aureport gives me a lot of failed syscalls. How do I identify
> what syscalls are failing and what is calling them?
Aureport's purpose is to give summary information. Ausearch gives detailed
information. To get what syscalls are failing, you can just run the "--syscall
--summary" report. To see what is calling them is a bit trickier. You can
isolate the events with ausearch and then pipe them to aureport for
summarizing:

    ausearch --start today -m syscall -sv no --raw | aureport -x --summary

If you need to see the individual events, then

    ausearch --start today -m syscall -sv no -i
-Steve
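
Added example, not part of the thread and not code from the audit project: a small Python filter that reads the raw records produced by the ausearch command above and counts failures per executable, syscall number and errno together, which answers both halves of the question in one table. The sample records are constructed, and the function names are this example's own.

```python
import errno
import re
import sys
from collections import Counter

# key=value pairs as they appear in raw audit records; values may be quoted.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample records (shortened field set), not taken from a real log.
SAMPLE = """\
type=SYSCALL msg=audit(1382700380.101:901): arch=c000003e syscall=2 success=no exit=-13 items=1 ppid=2100 pid=2144 auid=500 uid=500 comm="cat" exe="/bin/cat" key=(null)
type=PATH msg=audit(1382700380.101:901): item=0 name="/etc/shadow" inode=1234 mode=0100000
type=SYSCALL msg=audit(1382700381.412:902): arch=c000003e syscall=2 success=no exit=-13 items=1 ppid=2100 pid=2150 auid=500 uid=500 comm="cat" exe="/bin/cat" key=(null)
type=SYSCALL msg=audit(1382700382.007:903): arch=c000003e syscall=4 success=no exit=-2 items=1 ppid=2100 pid=2161 auid=500 uid=500 comm="find" exe="/usr/bin/find" key=(null)
type=SYSCALL msg=audit(1382700383.550:904): arch=c000003e syscall=2 success=yes exit=3 items=1 ppid=2100 pid=2170 auid=500 uid=500 comm="cat" exe="/bin/cat" key=(null)
"""


def failed_syscalls(lines):
    """Count failed SYSCALL records by (exe, syscall number, errno name)."""
    counts = Counter()
    for line in lines:
        rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if rec.get("type") != "SYSCALL" or rec.get("success") != "no":
            continue  # skip PATH/CWD/etc. records and successful calls
        try:
            code = -int(rec.get("exit", "0"))  # exit holds the negated errno
        except ValueError:
            code = 0
        err = errno.errorcode.get(code, str(-code))
        # Raw records carry the syscall number; its name depends on arch.
        counts[(rec.get("exe", "?"), rec.get("syscall", "?"), err)] += 1
    return counts


def report(counts):
    """Format the counts, most frequent first."""
    return [f"{n:6d}  {exe}  syscall={sc}  {err}"
            for (exe, sc, err), n in counts.most_common()]


if __name__ == "__main__":
    # Read piped ausearch --raw output, or fall back to the constructed sample.
    src = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    print("\n".join(report(failed_syscalls(src))))
```

The syscall column stays numeric because raw records are not interpreted; the `-i` form of the ausearch command shown above gives the names for individual events.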