audit 0.9.17 released

Loulwa Salem loulwas at us.ibm.com
Wed Jul 13 18:54:26 UTC 2005


Steve Grubb wrote:

> Hi,

> - Fix ausearch buffers to hold long filenames

The ausearch now shows records including those with long paths and 
filenames. However, the name field (in the PATH record type) still shows 
a truncated version of the path... I am not sure where in the code the 
size of that field is defined, but is it possible it is not being 
allocated enough space, and therefore truncating the path name when it 
is shown in the audit log file? This shows up when the path name has a 
space in it; without spaces the entire path shows in the name field.

This is what the ausearch shows (using ... to substitute a gazillion y).
Notice the length difference between what is shown in the name field for 
the file name, and what is in the watch field.

type=PATH msg=audit(07/13/05 10:04:51.682:5815312) : 
name=/tmp/yyy...yyy/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxp 
inode_uid=root inode_gid=root inode_dev=08:11 inode_rdev=00:00
type=FS_WATCH msg=audit(07/13/05 10:04:51.682:5815312) : 
watch_inode=2436561 watch=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx filterkey=good-key perm= perm_mask=write

- Loulwa



