On Thu, Sep 16, 2010 at 7:03 PM, Smith, Gary R <[email protected]> wrote:
> Hi Jure,
>
> Presuming you’ve captured the audit records you’re interested in in a file
> named snorf, you could do something like this:
>
> cat snorf | awk -F\= '{print $8 "0A"}' | xxd -r -p
>
> In the example you had in the email, arg4 turns out to be:
> strbegins(thread_id,"thread_id=2369892f")
>
Thanks a lot Gary
This is exactly what I need =))
Jure
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
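
Added example, not part of the thread and not written by either poster: a variant of the one-liner above that selects argument fields by name instead of by position. It assumes EXECVE-style records with `aN=` fields; the function name `decode_audit_args` and the sample record are constructed for illustration, with `a4` holding the hex encoding of the value quoted in the thread.

```shell
# Assumes EXECVE-style audit records with aN= argument fields.
# The audit subsystem hex-encodes an argument that contains spaces, quotes
# or control bytes, so quoted values never contain whitespace and split cleanly.
decode_audit_args() {
    LC_ALL=C awk '
    BEGIN {
        # Two hex digits -> character; non-printable bytes become "?" so a
        # decoded argument cannot inject terminal escape sequences.
        for (i = 0; i < 256; i++)
            chr[sprintf("%02X", i)] = (i >= 32 && i < 127) ? sprintf("%c", i) : "?"
    }
    function unhex(s,    out, i) {
        s = toupper(s); out = ""
        for (i = 1; i < length(s); i += 2) out = out chr[substr(s, i, 2)]
        return out
    }
    # SYSCALL records also carry a0..a3, but those are numeric registers,
    # not strings, so only EXECVE records are decoded.
    $1 != "type=EXECVE" { next }
    {
        for (f = 2; f <= NF; f++) {
            eq = index($f, "=")
            key = substr($f, 1, eq - 1); val = substr($f, eq + 1)
            if (eq == 0 || key !~ /^a[0-9]+$/) continue
            if (val ~ /^[0-9A-Fa-f]+$/ && length(val) % 2 == 0)
                val = unhex(val)      # unquoted hex: decode
            print key "=" val         # quoted values pass through unchanged
        }
    }'
}

# Constructed sample record (timestamp, serial and a0..a3 are made up).
SAMPLE='type=EXECVE msg=audit(0.000:0): argc=5 a0="q" a1="-x" a2="-y" a3="-z" a4=737472626567696E73287468726561645F69642C227468726561645F69643D32333639383932662229'
printf '%s\n' "$SAMPLE" | decode_audit_args
```
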