From mboxrd@z Thu Jan 1 00:00:00 1970
From: Steve Grubb
Subject: Re: Reserved fields in audit log structure
Date: Fri, 12 Feb 2016 13:54:15 -0500
Message-ID: <4269197.AnYaFffLoD@x2>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
Cc: Sowndarya K
List-Id: linux-audit@redhat.com

On Thursday, February 11, 2016 11:42:27 AM Sowndarya K wrote:
> What are the reserved fields in audit log structure?

There are known fields that kind of mean reserved because we expect them to be
a certain way. It's documented here:

http://people.redhat.com/sgrubb/audit/audit-events.txt

and a test suite to verify events are searchable here:

http://people.redhat.com/sgrubb/audit/ausearch-test-0.5.tar.gz

And we need to continue work on the validation suite so that it can be used to
check events completely.

-Steve