On Wednesday 24 May 2006 20:22, Leigh Purdie wrote:
> So, to rephrase my question slightly - is there a programmatic way to
> turn syscall=5 into syscall=execve that anyone can suggest?

OK, then libaudit has that function, audit_syscall_to_name(). There are several factors that have to be considered to correctly interpret a syscall name.

> WRT perl, I'm language agnostic. If there's better support for audit
> in python, I'll switch the code over.

Yes, there is better support for python right now. We've also written a dispatcher used for real-time SE Linux event analysis using python. It grabs the events as a dictionary and passes them on for analysis. I should be releasing audit-1.2.3 today which improves python support a little bit more.

-Steve
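Added example, not part of the original message and not code from the audit project: a self-contained Python sketch of why the record's arch= field has to be decoded before a syscall number can be named, since the same number maps to different calls on different architectures. The helper names (parse_record, syscall_name, translate), the two-entry table excerpts and the sample records are constructed for illustration; on a host with libaudit, audit_syscall_to_name() does the lookup from the complete tables.

```python
import re

# Constructed excerpts of the kernel syscall tables; libaudit has the full ones.
SYSCALLS = {
    "i386":   {5: "open", 11: "execve"},
    "x86_64": {5: "fstat", 59: "execve"},
}
# AUDIT_ARCH_* values as they appear (in hex) in the arch= field.
ARCHES = {0x40000003: "i386", 0xC000003E: "x86_64"}
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Split an audit record into a dict of key -> value strings."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def syscall_name(record):
    """Name the syscall of a parsed SYSCALL record.

    Returns the raw number as a string when the arch or the number is not
    in the tables, so an unknown event is never mislabelled.
    """
    number = int(record["syscall"])
    try:
        arch = ARCHES[int(record["arch"], 16)]
    except (KeyError, ValueError):
        return str(number)
    return SYSCALLS[arch].get(number, str(number))

def translate(line):
    """Rewrite syscall=<n> to syscall=<name> in one record line."""
    rec = parse_record(line)
    if rec.get("type") != "SYSCALL" or not rec.get("syscall", "").isdigit():
        return line
    return re.sub(r"\bsyscall=\d+", "syscall=" + syscall_name(rec), line, count=1)

# Constructed sample records (not real log data).
SAMPLES = [
    'type=SYSCALL msg=audit(1148500920.123:42): arch=40000003 syscall=5 exit=3 comm="cat"',
    'type=SYSCALL msg=audit(1148500921.456:43): arch=c000003e syscall=5 exit=0 comm="cat"',
    'type=SYSCALL msg=audit(1148500922.789:44): arch=c000003e syscall=59 exit=0 comm="ls"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(translate(sample))
```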
