dev information for open, exec?

Erich Schubert erich.schubert at gmail.com
Tue Feb 22 01:54:04 UTC 2005


Hi,
the dev= field of auditd information seems to be missing for open,
exec syscalls.
Is there a reason why this information is not available?

(I'd like to filter out all open calls on /proc...)

The log lines I get look like the following:
type=KERNEL msg=audit(1109035917.261:14548): item=0
name=/usr/share/locale/de/LC_MESSAGES/coreutils.mo inode=852010
dev=00:00
and the dev=00:00 value is bogus; I never get a different value.

I'm currently trying to use auditd to obtain an optimized "readahead"
file list for speeding up system boot. I had this idea some months
ago; maybe I should check recent boot speedup developments... ;-)

Greetings,
Erich Schubert
--
    erich@(mucl.de|debian.org)      --      GPG Key ID: 4B3A135C    (o_
  To understand recursion you first need to understand recursion.   //\
  Where friendly paths converge, the whole world looks like home    V_/_
        for an hour. --- Hermann Hesse
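
An added example, not part of the original post and not code from the audit project: because dev= is 00:00 in every record quoted above, this parser filters /proc opens on the name= path instead and builds a de-duplicated, first-seen-order file list. The function names, the `/proc/` prefix rule and all sample lines after the first are assumptions constructed for illustration.

```python
import re

# Constructed sample input: the first record is the one quoted in the post,
# the rest are made up in the same format. dev= is 00:00 throughout,
# matching the behaviour the post reports.
SAMPLE_LOG = """\
type=KERNEL msg=audit(1109035917.261:14548): item=0 name=/usr/share/locale/de/LC_MESSAGES/coreutils.mo inode=852010 dev=00:00
type=KERNEL msg=audit(1109035917.270:14549): item=0 name=/proc/meminfo inode=4026531842 dev=00:00
type=KERNEL msg=audit(1109035917.301:14550): item=0 name=/etc/ld.so.cache inode=131099 dev=00:00
type=KERNEL msg=audit(1109035917.310:14551): syscall=5 exit=3 pid=412
type=KERNEL msg=audit(1109035918.002:14560): item=0 name=/etc/ld.so.cache inode=131099 dev=00:00
"""

# "type=X msg=audit(<epoch>.<ms>:<serial>): key=value key=value ..."
HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$")
FIELD = re.compile(r"(\w+)=(\S+)")


def parse_record(line):
    """Parse one audit line into a dict, or return None if it does not match.

    Assumption: field values contain no whitespace, as in the quoted record.
    """
    m = HEADER.match(line.strip())
    if m is None:
        return None
    rec = {"type": m.group(1), "time": float(m.group(2)), "serial": int(m.group(3))}
    rec.update(FIELD.findall(m.group(4)))
    return rec


def readahead_list(log_text, skip_prefixes=("/proc/",)):
    """Return unique path names in first-seen order, dropping skipped prefixes.

    Filtering is done on name= because dev= carries no usable value here.
    """
    seen, ordered = set(), []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or "name" not in rec:
            continue  # not a path item record (e.g. the syscall summary line)
        name = rec["name"]
        if name.startswith(skip_prefixes) or name in seen:
            continue
        seen.add(name)
        ordered.append(name)
    return ordered


if __name__ == "__main__":
    print("\n".join(readahead_list(SAMPLE_LOG)))
```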



