On Tuesday 04 March 2008 15:43:23 Eric Paris wrote:
> > > If there's no agreement with them, should we change anything?
> > > auparse is working pretty good as is.
> >
> > No it's not. The auparse approach is based on tables, tables which have
> > been shown to be incorrect and tied to kernel versions and the patch set
> > used to build that kernel version.
>
> Can you show some example of which kernels had one thing and which
> kernels another?

Some of his examples were the directory auditing code that Al wrote. In the user space side of it, I hadn't gotten the interpretation of the fields working because it took a long time for it to come back downstream in Fedora and by the time we had it I forgot to go check it. It wasn't like there was a field that changed meaning, just a normal integration issue when 2 subsystems have different delivery schedules. :)

-Steve

--
Linux-audit mailing list
https://www.redhat.com/mailman/listinfo/linux-audit
