On Thursday 27 September 2007 13:18:35 Todd, Charles wrote:
> 3. Administrative records are passed, perhaps at dispatchers startup and
> at the start of a file when rotated, that documents which version of
> auditd, uname -r, output of gnu_get_libc_version(), and the local system
> date/time.

I updated the DAEMON_START record to be like this:

type=DAEMON_START msg=audit(09/27/2007 13:18:04.858:8081) : auditd start, ver=1.6.3 format=raw kernel=2.6.23-0.202.rc8.fc8 auid=root pid=28173 res=success

So, 1.6.3 and later will have the kernel version & release.

-Steve
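
An added example, not part of the original message and not code from the audit project: a small Python parser for the interpreted DAEMON_START record shown above that pulls out ver= and kernel= and flags a record that claims auditd 1.6.3 or later but has no kernel= field. The function names and the second and third sample lines are assumptions made for this example.

```python
import re
from datetime import datetime

# Header layout taken from the record quoted in the message:
#   type=<TYPE> msg=audit(<MM/DD/YYYY HH:MM:SS.mmm>:<serial>) : <text and key=value pairs>
HEADER = re.compile(r"^type=(\S+) msg=audit\((.+?):(\d+)\) : (.*)$")

# Constructed sample input. Line 1 is the record quoted in the message;
# lines 2 and 3 are made up for this example (assumed layout, kernel= absent).
SAMPLE = [
    "type=DAEMON_START msg=audit(09/27/2007 13:18:04.858:8081) : auditd start, "
    "ver=1.6.3 format=raw kernel=2.6.23-0.202.rc8.fc8 auid=root pid=28173 res=success",
    "type=DAEMON_START msg=audit(09/20/2007 08:00:00.000:100) : auditd start, "
    "ver=1.6.2 auid=root pid=2000 res=success",
    "type=DAEMON_START msg=audit(10/01/2007 09:30:00.250:12) : auditd start, "
    "ver=1.6.4 format=raw auid=root pid=3000 res=success",
]

def parse_daemon_start(line):
    """Return the record's fields as a dict, or None if it is not DAEMON_START."""
    m = HEADER.match(line.strip())
    if not m or m.group(1) != "DAEMON_START":
        return None
    fields = dict(re.findall(r"(\w+)=(\S+)", m.group(4)))
    # Date format as printed in the quoted record (an assumption for other locales).
    fields["time"] = datetime.strptime(m.group(2), "%m/%d/%Y %H:%M:%S.%f")
    fields["serial"] = int(m.group(3))
    return fields

def kernel_status(rec):
    """Classify a parsed record by whether kernel= is present where expected."""
    if "kernel" in rec:
        return "ok"
    ver = tuple(int(n) for n in re.findall(r"\d+", rec.get("ver", "")))
    # Per the message, 1.6.3 and later carry the kernel version and release.
    return "missing-kernel" if ver >= (1, 6, 3) else "pre-1.6.3"

if __name__ == "__main__":
    for line in SAMPLE:
        rec = parse_daemon_start(line)
        print(rec["serial"], rec["ver"], rec.get("kernel"), kernel_status(rec))
```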
