
dev information for open, exec?

The dev= field of auditd information seems to be missing for open,
exec syscalls.
Is there a reason why this information is not available?

(I'd like to filter out all open calls on /proc...)

The log lines I get look like the following:
type=KERNEL msg=audit(1109035917.261:14548): item=0
name=/usr/share/locale/de/LC_MESSAGES/coreutils.mo inode=852010
and the dev=00:00 value is bogus; I never get a different value.

I'm currently trying to use auditd to obtain an optimized "readahead"
file list for speeding up system boot. I had this idea some months
ago; maybe I should check recent boot speedup developments... ;-)

Erich Schubert
    erich@(mucl.de|debian.org)      --      GPG Key ID: 4B3A135C    (o_
  To understand recursion you first need to understand recursion.   //\
  Where friendly paths converge, the whole world looks like         V_/_
        home for an hour. --- Hermann Hesse
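
Added example, not part of the original message: one way to build the readahead list from records shaped like the one quoted above while dropping /proc by path rather than by the dev= value. The function names and the sample records are constructed for illustration, and records are assumed to arrive one per line.

```python
import posixpath
import re

# key=value pairs as in the quoted record; values may be double-quoted
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# audit(<seconds>.<millis>:<serial>) identifies and orders an event
STAMP_RE = re.compile(r'audit\((\d+)\.(\d+):(\d+)\)')

# Constructed sample records, modelled on the line quoted in the post.
SAMPLE = """\
type=KERNEL msg=audit(1109035917.261:14548): item=0 name=/usr/share/locale/de/LC_MESSAGES/coreutils.mo inode=852010 dev=00:00
type=KERNEL msg=audit(1109035917.270:14549): item=0 name=/proc/meminfo inode=4026531842 dev=00:00
type=KERNEL msg=audit(1109035917.100:14540): item=0 name=/etc/ld.so.cache inode=130562 dev=00:00
type=KERNEL msg=audit(1109035917.300:14551): item=0 name=/etc/ld.so.cache inode=130562 dev=00:00
type=KERNEL msg=audit(1109035917.310:14552): syscall=5 exit=3
"""

def parse_record(line):
    """Return the record's fields as a dict, or None if it has no audit stamp."""
    stamp = STAMP_RE.search(line)
    if stamp is None:
        return None
    fields = {key: value.strip('"') for key, value in FIELD_RE.findall(line)}
    fields["order"] = tuple(int(part) for part in stamp.groups())
    return fields

def readahead_list(lines, skip=("/proc",)):
    """Paths in first-access order, deduplicated, without the skipped trees."""
    records = [r for r in map(parse_record, lines) if r and "name" in r]
    records.sort(key=lambda r: r["order"])  # logs may be written out of order
    seen, result = set(), []
    for record in records:
        # Lexical normalisation so /proc/../etc/fstab is not mistaken for /proc
        path = posixpath.normpath(record["name"])
        if not path.startswith("/"):
            continue  # relative name: the record does not carry the cwd
        if any(path == top or path.startswith(top + "/") for top in skip):
            continue
        if path not in seen:
            seen.add(path)
            result.append(path)
    return result

if __name__ == "__main__":
    print("\n".join(readahead_list(SAMPLE.splitlines())))
```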
