Hi all,

I’m trying to build a generic audit client that works across a wide range of Linux distributions, from very old ones (e.g., CentOS 5.x) to relatively recent ones (e.g., Ubuntu 13.x or 14.x).

In the course of developing it, I found out that the audit message format differs from distribution to distribution. For instance, earlier kernel versions do not emit EOE messages to signify the end of logging for a system call. Could anyone give me a pointer so that I can track the message format history? If there is no single location or documentation for it, a piece of advice on how I can track it by myself in an efficient way would also be very helpful.

Thanks a lot for your help in advance!

Regards,
Kangkook

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
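An added illustration of the format difference the question raises, not part of the original mail: a small grouper that assembles audit records into events both when the kernel closes each event with an EOE record and when it does not. The sample log lines are constructed, and the fallback rule (an event is complete once a record with a different event id arrives, with a flush at end of input) is a simplification assumed here, not the full logic of auparse, which also applies a timeout for streaming input.

```python
import re
from collections import OrderedDict
from typing import Iterable, List

# Every audit record carries an event id: audit(SECONDS.MILLIS:SERIAL).
# Assumes local audit.log layout (line starts with type=, no node= prefix).
MSG_ID_RE = re.compile(r"^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):")

def parse_record(line: str) -> dict:
    """Split one audit line into its type, event id and the remaining key=value text."""
    m = MSG_ID_RE.match(line)
    if not m:
        raise ValueError(f"not an audit record: {line!r}")
    return {"type": m.group("type"),
            "event_id": (m.group("ts"), int(m.group("serial"))),
            "body": line[m.end():].strip()}

def group_events(lines: Iterable[str]) -> List[dict]:
    """Group records into events; each event notes what closed it (EOE or a fallback rule)."""
    open_events: "OrderedDict[tuple, dict]" = OrderedDict()
    finished: List[dict] = []

    def close(eid, reason):
        ev = open_events.pop(eid)
        ev["closed_by"] = reason
        finished.append(ev)

    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = parse_record(line)
        eid = rec["event_id"]
        if rec["type"] == "EOE":            # newer kernels: explicit end marker
            if eid in open_events:
                close(eid, "EOE")
            continue
        # Older kernels (no EOE): assume records of one event arrive contiguously,
        # so a record with a new event id means every other open event is complete.
        for other in [k for k in open_events if k != eid]:
            close(other, "serial-change")
        ev = open_events.setdefault(eid, {"event_id": eid, "records": [], "closed_by": None})
        ev["records"].append(rec)
    for eid in list(open_events):           # nothing more is coming
        close(eid, "end-of-input")
    return finished

def summarize(events: List[dict]) -> list:
    """(serial, record types, close reason) per event, for checks and display."""
    return [(ev["event_id"][1], [r["type"] for r in ev["records"]], ev["closed_by"]) for ev in events]

# Constructed sample: event 24270 closed by EOE, 24271 and 24272 without one.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1364475353.159:24270): arch=c000003e syscall=2 success=yes exit=3
type=CWD msg=audit(1364475353.159:24270): cwd="/root"
type=PATH msg=audit(1364475353.159:24270): item=0 name="/etc/shadow" mode=0100600
type=EOE msg=audit(1364475353.159:24270):
type=SYSCALL msg=audit(1364475360.001:24271): arch=c000003e syscall=2 success=no exit=-13
type=PATH msg=audit(1364475360.001:24271): item=0 name="/etc/shadow"
type=SYSCALL msg=audit(1364475361.500:24272): arch=c000003e syscall=59 success=yes exit=0
"""

if __name__ == "__main__":
    for serial, types, reason in summarize(group_events(SAMPLE_LOG.splitlines())):
        print(serial, types, reason)
```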
