If I wanted to use the audit subsystem to log something like stale NFS
handles, would this work?
# ESTALE == -13
auditctl -a exit,always -S all -F exit=-13
More importantly, is this an appropriate use of the audit subsystem, or
should I be doing this some other way?
If this is the right way to do it, how can I easily determine which
syscalls can return ESTALE? Using '-S all' seems wasteful...
Suggestions always welcome,
-RZ
--
Randy Zagar Sr. Unix Systems Administrator
E-mail: [EMAIL PROTECTED] Applied Research Laboratories
Phone: 512 835-3131 Univ. of Texas at Austin
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
