From mboxrd@z Thu Jan 1 00:00:00 1970
From: Steve Grubb
Subject: Re: Audit log Fields
Date: Fri, 12 Feb 2016 13:57:15 -0500
Message-ID: <3892631.jW2AcOYQr3@x2>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
Cc: Sowndarya K
List-Id: linux-audit@redhat.com

On Thursday, February 11, 2016 06:07:56 PM Sowndarya K wrote:
> As of now there are so many proposed fields in the audit event log, if I
> wanted to one proposed field which is of not use as much, which one can I
> choose for?

The audit event known fields is kind of an agreement on what field names shall
be and what goes in them. There is a larger context in that events of the same
type must have the same fields, in the same order, and using the same
representation. Otherwise no one can ever analyse events because nothing has
order.

So, what is it you are trying to do? That would be a more helpful question so
that we can give you a more rounded answer.

-Steve
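
The constraint described in the message above (same fields, in the same order, for every event of a given type) can be checked mechanically. The following is an added example, not part of the original message or of the audit project's code; the sample records are constructed, the function names are hypothetical, and the value representation is not checked.

```python
import re
import shlex

# Constructed sample records in the style of Linux audit log lines (not real logs).
SAMPLE = """\
type=USER_LOGIN msg=audit(1455303435.101:410): pid=812 uid=0 auid=1000 exe="/usr/sbin/sshd" res=success
type=USER_LOGIN msg=audit(1455303436.202:411): pid=813 uid=0 auid=1001 exe="/usr/sbin/sshd" res=failed
type=USER_LOGIN msg=audit(1455303437.303:412): uid=0 pid=814 auid=1002 exe="/usr/sbin/sshd" res=success
type=CRED_ACQ msg=audit(1455303438.404:413): pid=815 uid=0 auid=1000 ses=3 res=success
type=CRED_ACQ msg=audit(1455303439.505:414): pid=816 uid=0 auid=1000 res=success
"""

RECORD = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")

def field_order(line):
    """Return (record type, serial, tuple of field names in order), or None."""
    m = RECORD.match(line)
    if not m:
        return None
    rtype, _timestamp, serial, body = m.groups()
    try:
        tokens = shlex.split(body)  # keeps quoted values with spaces in one token
    except ValueError:              # unbalanced quotes: treat as unparseable
        return None
    names = tuple(t.partition("=")[0] for t in tokens if "=" in t)
    return rtype, int(serial), names

def describe(expected, got):
    """Say how a record's field layout differs from the baseline layout."""
    if sorted(expected) == sorted(got):
        return "reordered"
    missing = [f for f in expected if f not in got]
    extra = [f for f in got if f not in expected]
    return f"missing={missing} extra={extra}"

def find_inconsistencies(text):
    """Map record type -> [(serial, difference)] for records whose field layout
    deviates from the first record seen for that type."""
    baseline, deviations = {}, {}
    for line in text.splitlines():
        parsed = field_order(line)
        if parsed is None:
            continue
        rtype, serial, names = parsed
        expected = baseline.setdefault(rtype, names)
        if names != expected:
            deviations.setdefault(rtype, []).append((serial, describe(expected, names)))
    return deviations

if __name__ == "__main__":
    for rtype, items in find_inconsistencies(SAMPLE).items():
        print(rtype, items)
```

The first record of each type is taken as the baseline layout here, which is an assumption of this example rather than something the message specifies.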