On Tuesday, October 21, 2014 03:56:10 PM Steve Grubb wrote:
> audit_log_task_info logs too much information for typical use. There are
> times when you might want to know everything about what's connecting. But
> in this case, we don't need anything about groups, saved uids, fsuid, or
> ppid.
>
> It's a shame we don't have an audit_log_task_info_light function which only
> records:
>
> pid= auid= uid= subj= comm= exe= ses= tty=

This is getting back to my earlier concerns/questions about field ordering, or at the very least I'm going to hijack this conversation and steer it towards field ordering ;)

Before we go too much farther, I'd really like us to agree that ordering is not important, can we do that? As a follow up, what do we need to do to make that happen in the userspace tools?

--
paul moore
security and virtualization @ redhat

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
