Hi all~ How do I audit the socket close system call? I can audit the socket connection with the 'connect' system call. I can also audit the socket termination with the 'shutdown' system call. But I can't figure out how to audit when the socket is closed. Does the 'close' system call work? However, all the file close events will also be audited. That's not what I want.
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
