On Tuesday, January 14, 2014 02:07:26 PM Richard Guy Briggs wrote: > On 14/01/14, Steve Grubb wrote: > > On Monday, January 13, 2014 09:56:35 PM Eric Paris wrote: > > > It seems that reusing the task info pattern throughout records should > > > allow for faster simpler more streamlined userspace records parsing, but > > > changing order like this might be a deal breaker. > > > > Have you tried using the ausearch test suite? I published it so that it > > can be found out what all these patches will do to the stability of user > > space. I'd delete your logs, reboot into test kernel, generate as many > > kind of events as possible, then extract the logs and test with the test > > suite. > > Do you have a script of rules and a script of commands to accomplish the > "generate as many kind of events as possible"?
Nope. But its very important to make sure all events are well formed and searchable by existing tools. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
