linux-audit.redhat.com archive mirror
* Reserved fields in audit log structure
@ 2016-02-11  6:12 Sowndarya K
  2016-02-11 11:55 ` Burn Alting
  2016-02-12 18:54 ` Steve Grubb
  0 siblings, 2 replies; 3+ messages in thread
From: Sowndarya K @ 2016-02-11  6:12 UTC (permalink / raw)
  To: Linux-audit


What are the reserved fields in audit log structure?


* Re: Reserved fields in audit log structure
  2016-02-11  6:12 Reserved fields in audit log structure Sowndarya K
@ 2016-02-11 11:55 ` Burn Alting
  2016-02-12 18:54 ` Steve Grubb
  1 sibling, 0 replies; 3+ messages in thread
From: Burn Alting @ 2016-02-11 11:55 UTC (permalink / raw)
  To: Sowndarya K; +Cc: Linux-audit

Hi,

Are you asking about the existing known field names found in the following
 https://people.redhat.com/sgrubb/audit/audit-events.txt

or something else?

On Thu, 2016-02-11 at 11:42 +0530, Sowndarya K wrote:
> What are the reserved fields in audit log structure?  

* Re: Reserved fields in audit log structure
  2016-02-11  6:12 Reserved fields in audit log structure Sowndarya K
  2016-02-11 11:55 ` Burn Alting
@ 2016-02-12 18:54 ` Steve Grubb
  1 sibling, 0 replies; 3+ messages in thread
From: Steve Grubb @ 2016-02-12 18:54 UTC (permalink / raw)
  To: linux-audit; +Cc: Sowndarya K

On Thursday, February 11, 2016 11:42:27 AM Sowndarya K wrote:
> What are the reserved fields in audit log structure?

There are known fields that kind of mean reserved because we expect them to be 
a certain way. It's documented here:

http://people.redhat.com/sgrubb/audit/audit-events.txt

and a test suite to verify events are searchable here:

http://people.redhat.com/sgrubb/audit/ausearch-test-0.5.tar.gz

And we need to continue work on the validation suite so that it can be used to 
check events completely.

-Steve
