audit log exit
Timothy R. Chavez
chavezt at gmail.com
Wed Jan 5 20:27:11 UTC 2005
Hm,
Could it be to minimize risk of filling up the buffer and to also
produce a separation of records? This way userspace auditd can stitch
together a log record per name, based on the serial numbers? A
one-to-many relationship so-to-speak. This way you get one record
containing all the common information and X records containing all the
unique information instead of one super huge record that's immensely
difficult to parse or X records with a bunch of redundant information
in them.
-Tim
On Wed, 5 Jan 2005 08:27:55 -0500, Steve Grubb <sgrubb at redhat.com> wrote:
> Hi,
>
> I was wondering why the code in audit_log_exit
>
> http://lxr.linux.no/source/kernel/auditsc.c?v=2.6.8.1#L582
>
> loops spitting out packets? Why isn't the audit information sent as 1 packet?
>
> Just curious...
> -Steve Grubb
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> http://www.redhat.com/mailman/listinfo/linux-audit
>
--
- Timothy R. Chavez
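
The stitching suggested in the reply above, as an added example that is not part of the original thread or of the audit project's code: records sharing one `audit(<timestamp>:<serial>)` prefix are grouped into a single event holding the common syscall record plus one entry per name. The sample lines are constructed, and the `type=... msg=audit(...)` layout and field names are assumptions for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample records (not from the thread). Two events are
# interleaved, as they can be when several tasks log at the same time.
SAMPLE = """\
type=SYSCALL msg=audit(1104956831.120:42): syscall=38 success=yes pid=2101 comm="mv"
type=PATH msg=audit(1104956831.120:42): item=1 name="/tmp/b" inode=1002
type=SYSCALL msg=audit(1104956831.125:43): syscall=5 success=yes pid=2102 comm="cat"
type=PATH msg=audit(1104956831.120:42): item=0 name="/tmp/a" inode=1001
type=PATH msg=audit(1104956831.125:43): item=0 name="/etc/hosts" inode=77
this line is truncated garbage
"""

RECORD = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_fields(body):
    """Turn 'k=v k2="v 2"' into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD.findall(body)}

def stitch(lines):
    """Group records by (timestamp, serial): one common record, many names."""
    events = OrderedDict()
    for line in lines:
        m = RECORD.match(line.strip())
        if not m:
            continue  # skip lines that carry no audit(...) prefix
        rtype, ts, serial, body = m.groups()
        ev = events.setdefault((ts, int(serial)), {"common": None, "names": []})
        if rtype == "SYSCALL":
            ev["common"] = parse_fields(body)      # the "one" side
        else:
            ev["names"].append(parse_fields(body))  # the "many" side
    for ev in events.values():
        # Per-name records may arrive out of order; restore the item order.
        ev["names"].sort(key=lambda n: int(n.get("item", 0)))
    return events

if __name__ == "__main__":
    for (ts, serial), ev in stitch(SAMPLE.splitlines()).items():
        comm = ev["common"]["comm"] if ev["common"] else "<no syscall record>"
        print(serial, comm, [n["name"] for n in ev["names"]])
```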