hello ....
If anybody knows about sun's bsm audit record format, please help me. I am not able to understand how an audit record for system call can have duplicate token for the same system call argument. For example - header,182,2,ioctl(2),,Mon Jun 01 07:56:56 1998, + 788290611 msec path,/devices/pseudo/[EMAIL PROTECTED]:console attribute,20620,2122,tty,8388608,11409,0 argument,2,0x7415,cmd argument,3,0xeffff2b0,arg argument,2,0x501cd434,strioctl:vnode subject,2122,root,other,root,other,273,258,0 0 pascal.eyrie.af.mil return,success,0 trailer,182 Above, token argument 2 is repeated. I dint find anything in the BSM guide on sun's site. I would highly appreciate it if anybody could throw any light on this. Regards, -- View this message in context: http://www.nabble.com/BSM-Audit---system-call-argument-tf3759563.html#a10626021 Sent from the Security - Sun mailing list archive at Nabble.com.
