On Sun, 2007-02-25 at 17:30 -0500, Steve Grubb wrote: > On Sunday 25 February 2007 17:15:23 Matthew Booth wrote: > > On a related note, what's the api for injecting an arbitrary audit event > > from userspace in 1.0.15? > > audit_log_user_message(). > > > There doesn't appear to be anything obvious in the man pages. > > There are several APIs to enforce consistent messages depending on the > purpose. They all start with audit_log_ .
That's a lot of choices. I specifically want to log a message in my ausetauid utility containing the fully command line executed under a different auid. To make sure it turns up in searches, I want it to have the same audit event ID as the LOGIN message it generates. Is this achievable, and which function should I read the source for ;) ? Thanks, Matt -- Red Hat, Global Professional Services M: +44 (0)7977 267231 GPG ID: D33C3490 GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
signature.asc
Description: This is a digitally signed message part
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
