On Sunday 25 February 2007 17:35:08 Matthew Booth wrote: >> There are several APIs to enforce consistent messages depending on the >> purpose. They all start with audit_log_ . > > That's a lot of choices. I specifically want to log a message in my > ausetauid utility containing the fully command line executed under a > different auid.
You would need to build your message in a buffer and pass it to audit_log_user_message() as the message param since an API has not been built for the purpose you described in 1.0.15. You will also want to follow naming conventions laid out in the parsing spec. > To make sure it turns up in searches, I want it to have the same audit event > ID as the LOGIN message it generates. No can do. > Is this achievable, and which function should I read the source for ;) ? Nope. Setting the loginuid is a discrete event seen from the kernel's perspective. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
