On Thursday, February 11, 2016 11:42:27 AM Sowndarya K wrote: > What are the reserved fields in audit log structure?
There are known fields that kind of mean reserved because we expect them to be a certain way. Its documented here: http://people.redhat.com/sgrubb/audit/audit-events.txt and a test suite to verify events are searchable here: http://people.redhat.com/sgrubb/audit/ausearch-test-0.5.tar.gz And we need to continue work on the validation suite so that it can be used to check events completely. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
