On Tuesday, October 13, 2015 03:52:44 PM Bond Masuda wrote:
> I'm writing a tool to put audit logs into a database. I can guess at the
> format based on samples of logs I'm seeing, but I would feel better if I
> could find documentation that shows all the different types of audit log
> messages and what is in those messages.

Unfortunately, there is no reference that captures everything. I do have an
ausearch test suite that can aid in collating events so that you have one of
everything:

http://people.redhat.com/sgrubb/audit/ausearch-test-0.5.tar.gz

In it, run ./gather-logs as root. You might also find the aucoverage program
helpful in determining what's missing.

-Steve

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
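
Added example (not part of the original thread and not code from the audit project): one way to build the inventory the question asks for, by collating raw audit.log lines into the field names seen per record type and the record types seen per event. The sample lines are constructed, and the names parse_fields and collate are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Record header: [node=HOST ]type=NAME msg=audit(EPOCH.MS:SERIAL): body
HEADER = re.compile(r"^(?:node=(?P<node>\S+) )?type=(?P<type>\S+) "
                    r"msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): ?(?P<body>.*)$")
# key=value where the value is "double quoted", 'single quoted' or a bare token
FIELD = re.compile(r"""(?P<k>[\w-]+)=(?P<v>"[^"]*"|'[^']*'|\S*)""")

def parse_fields(body):
    """Return {name: value}; user-space records nest their fields in msg='...'."""
    out = {}
    for m in FIELD.finditer(body):
        k, v = m.group("k"), m.group("v")
        if k == "msg" and v.startswith("'"):
            out.update(parse_fields(v[1:-1]))  # flatten the nested payload
        else:
            out[k] = v.strip('"')
    return out

def collate(lines):
    """Return (fields per record type, record types per event, unparsed lines)."""
    fields, events, rejects = defaultdict(set), defaultdict(list), []
    for line in lines:
        line = line.strip()
        m = HEADER.match(line)
        if not m:
            if line:
                rejects.append(line)  # keep these: they show parser gaps
            continue
        fields[m.group("type")].update(parse_fields(m.group("body")))
        # Records sharing timestamp:serial belong to the same event.
        events[(m.group("ts"), m.group("serial"))].append(m.group("type"))
    return {t: sorted(f) for t, f in fields.items()}, dict(events), rejects

# Constructed sample input, not captured from a real system.
SAMPLE = """\
type=SYSCALL msg=audit(1444765964.101:212): arch=c000003e syscall=2 success=yes exit=3 pid=1411 uid=0 comm="cat" exe="/usr/bin/cat" key="shadow-read"
type=CWD msg=audit(1444765964.101:212): cwd="/root"
type=PATH msg=audit(1444765964.101:212): item=0 name="/etc/shadow" inode=393230 nametype=NORMAL
type=USER_AUTH msg=audit(1444765970.550:213): pid=1502 uid=0 auid=4294967295 msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" terminal=ssh res=success'
this line is not an audit record
""".splitlines()

if __name__ == "__main__":
    by_type, by_event, bad = collate(SAMPLE)
    for rtype, names in sorted(by_type.items()):
        print(rtype, names)
    print(len(by_event), "events,", len(bad), "unparsed lines")
```

Run over logs produced by a suite such as the one mentioned above, the per-type field sets give a starting point for a database schema, and the unparsed list shows where the parser's guesses about the format fall short.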
