* Reserved fields in audit log structure
From: Sowndarya K @ 2016-02-11 6:12 UTC
To: Linux-audit

What are the reserved fields in audit log structure?

* Re: Reserved fields in audit log structure
From: Burn Alting @ 2016-02-11 11:55 UTC
To: Sowndarya K; +Cc: Linux-audit

Hi,

Are you asking about the existing known field names found in the following

https://people.redhat.com/sgrubb/audit/audit-events.txt

or something else?

On Thu, 2016-02-11 at 11:42 +0530, Sowndarya K wrote:
> What are the reserved fields in audit log structure?

* Re: Reserved fields in audit log structure
From: Steve Grubb @ 2016-02-12 18:54 UTC
To: linux-audit; +Cc: Sowndarya K

On Thursday, February 11, 2016 11:42:27 AM Sowndarya K wrote:
> What are the reserved fields in audit log structure?

There are known fields that kind of mean reserved because we expect them to be a certain way. It's documented here:

http://people.redhat.com/sgrubb/audit/audit-events.txt

and a test suite to verify events are searchable here:

http://people.redhat.com/sgrubb/audit/ausearch-test-0.5.tar.gz

And we need to continue work on the validation suite so that it can be used to check events completely.

-Steve
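
Added example, not part of the thread and not the audit project's test or validation suite: a sketch of checking that a record uses known field names with the value shape expected for each. The field table is an assumed, constructed subset (the authoritative list is the audit-events.txt document linked above), and the sample records and the `process_name` field are constructed.

```python
import re

# Assumed subset of known field names, each with the value shape expected
# for it. Constructed for illustration; not the project's full dictionary.
QUOTED_OR_HEX = r'"[^"]*"|[0-9A-F]+'  # plain strings are quoted, others hex-encoded
KNOWN_FIELDS = {
    "type": r"[A-Z0-9_]+",
    "msg": r"audit\(\d+\.\d+:\d+\):",
    "arch": r"[0-9a-f]+",
    "syscall": r"\d+",
    "success": r"yes|no",
    "exit": r"-?\d+",
    "ppid": r"\d+",
    "pid": r"\d+",
    "auid": r"\d+",
    "uid": r"\d+",
    "ses": r"\d+",
    "comm": QUOTED_OR_HEX,
    "exe": QUOTED_OR_HEX,
    "key": QUOTED_OR_HEX + r"|\(null\)",
}

# name=value pairs; a value is either a quoted string or a run of non-spaces.
PAIR = re.compile(r'([\w-]+)=("[^"]*"|\S*)')

def check_record(line):
    """Return (unknown_fields, malformed_fields) for one audit record."""
    unknown, malformed = [], []
    for name, value in PAIR.findall(line):
        pattern = KNOWN_FIELDS.get(name)
        if pattern is None:
            unknown.append(name)      # name is not in the known set
        elif not re.fullmatch(pattern, value):
            malformed.append(name)    # known name used with an unexpected shape
    return unknown, malformed

# Constructed sample records.
GOOD = ('type=SYSCALL msg=audit(1455216747.123:456): arch=c000003e syscall=2 '
        'success=yes exit=3 ppid=1200 pid=1234 auid=1000 uid=0 ses=1 '
        'comm="cat" exe="/usr/bin/cat" key="passwd-read"')
# Reuses the known name "pid" for a non-numeric value and adds an unknown field.
BAD = ('type=SYSCALL msg=audit(1455216747.130:457): arch=c000003e syscall=2 '
       'success=yes exit=3 pid=cat auid=1000 uid=0 process_name=cat comm="cat"')

if __name__ == "__main__":
    for record in (GOOD, BAD):
        print(check_record(record))
```
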