On Fri, 10 Oct 2014 09:58:48 -0700 William Roberts <[email protected]> wrote: > For audit log records, the type field can be something like 1400 for > an AVC event. I know on the desktop it formats these all to the pretty > names IIRC, however I am on Android and were not quite as advanced > yet. Is their a definitive guide for each number what they correspond > to besides cracking open the header files?
The kernel headers and libaudit headers are the literal definitive source. They can be seen here: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/include/uapi/linux/audit.h?id=refs/tags/v3.16.5#n30 and https://fedorahosted.org/audit/browser/trunk/lib/libaudit.h#L40 -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
