On Thursday 10 January 2008 12:25:23 Klaus Heinrich Kiwi wrote:
> Steve, as we talked earlier through IRC, ausearch/aureport are expecting
> the kernel anomalies messages to have auid= uid= gid= fields (in this
> order). This quick patch changes the ANOM_PROMISCUOUS message to the
> correct format (as already used by ANOM_ABEND).

Thanks, would you mind making 2 changes to this? Add a test for audit_enabled being true before calling audit_log...a long-standing oversight. And add a field at the end "res=1" since this doesn't appear to be able to fail. I'm trying to get result fields in all events. I'd like to just touch this code one time since it's in the network code.

Thanks,
-Steve
