Sowndarya, Are you are asking how do you propose another public field name to be added to the list in https://people.redhat.com/sgrubb/audit/audit-events.txt ?
If so, I'd suggest you provide a. Proposed field name b. Description of it's content. c. Describe how it's going to be used. The list can then make comment and/or provide advice. Steve, Perhaps we could update the above document to advise users what they should offer in such a proposal. Perhaps further, we could offer a generic solution on how one could define a 'non-public' field name. That is, a 'non-public' field is one which could not, via it's nomenclature, conflict with a current or future 'public' (aka published) field name. Such non-public fields could then be used by capability that only needs the audit source and audit consumer to be aware of the field. Hopefully I am not reading too much into the original request. Regards On Thu, 2016-02-11 at 18:07 +0530, Sowndarya K wrote: > As of now there are so many proposed fields in the audit event log , > if I wanted to one proposed field which is of not use as much ,which > one can I chose for ? > -- > Linux-audit mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/linux-audit -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
