audit message types
Debora Velarde
dvelarde at us.ibm.com
Tue May 10 14:36:18 UTC 2005
> Incidentally here's a sample from my logs for ipc:
> auditctl -a entry,always -S ipc
> type=SYSCALL msg=audit(1115734892.933:11104482): syscall=117
arch=40000003
> success=yes exit=0 a0=18 a1=9000e a2=100 a3=0 items=0 pid=22636
loginuid=525
> uid=525 gid=525 euid=525 suid=525 fsuid=525 egid=525 sgid=525 fsgid=525
> comm="firefox-bin" exe=/usr/lib/firefox-1.0.3/firefox-bin
> There doesn't seem to be any supplemental records. I'll investigate.
shmctl normally does have at least one supplemental record, is that what
you
ran to generate this record?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20050510/b6c5fc11/attachment.htm>
More information about the Linux-audit
mailing list