On Tue, 2008-08-12 at 23:10 +0100, Matthew Booth wrote: > Steve Grubb wrote: > > If somebody has a better idea/code in hand when we start the 2.0 code, I'd > > like to consider it. The pre-requisites are it has to be backward > > compatible, > > it has to handle unicode, it has to handle fields with odd characters. > > I have thought for some time now that the kernel would do better to > produce binary records. This would have many advantages, including: > > * Very simple parsing > * Much faster to parse > * Faster to produce > * Much easier to specify > > The production of text would then be the problem of the audit daemon. If > the current text based nightmare were frozen, they could even live > side-by-side.
I've heard this binary audit data talk before. What would it actually look like? I'm perfectly fine if someone comes up with some patches that make wholesale interface changes, but you better be [EMAIL PROTECTED] sure that I can run that kernel on RHEL5 and it will work. -Eric -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
