[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: audit log exit



Hm,

Could it be to minimize risk of filling up the buffer and to also a
produce seperation of records?  This way userspace auditd can stitch
together a log record per name, based on the serial numbers?  A
one-to-many relationship so-to-speak.  This way you get one record
containing all the common information and X records containing all the
unique information instead of one super huge record that's immensely
difficult to parse or X records with a bunch of redundant information
in them.

-Tim

On Wed, 5 Jan 2005 08:27:55 -0500, Steve Grubb <sgrubb redhat com> wrote:
> Hi,
> 
> I was wondering why the code in audit_log_exit
> 
> http://lxr.linux.no/source/kernel/auditsc.c?v=2.6.8.1#L582
> 
> loops spitting out packets? Why isn't the audit information sent as 1 packet?
> 
> Just curious...
> -Steve Grubb
> 
> --
> Linux-audit mailing list
> Linux-audit redhat com
> http://www.redhat.com/mailman/listinfo/linux-audit
> 


-- 
- Timothy R. Chavez


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]