On Sun, 2007-05-13 at 12:47 -0400, Steve Grubb wrote:
> On Tuesday 08 May 2007 14:02:06 Matthew Booth wrote:
> > Can anybody point me to a document which describes the format of logs
> > generated by auditd in RHEL 4.
>
> I have not created such a document. I don't know if anyone else has either. I
> plan to start creating a bunch of documentation for the audit system this
> summer.

Ok. In the meantime, can you fill me in on exactly how a PATH record is added to an event? For example, on execve(), why would I get a PATH record for both the binary being executed and the ld library? The latter didn't have a name, just an inode.

Matt
--
Matthew Booth, RHCA, RHCSS
Red Hat, Global Professional Services
M: +44 (0)7977 267231
GPG ID: D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
