Audit Parsing Library Requirements
Debora Velarde
dvelarde at us.ibm.com
Mon Mar 13 18:15:20 UTC 2006
> > Since this is introducing the notion of multiple machines
> potentially sharing
> > the same log...would it be more clear to change the name to prevent
> > confusion?
> >
> > Its currently host, but would could make it: server, node, machine,
etc.
>
> OK, I have a question because I think there are two issues here:
> 1) Steve has a function, called auparse_get_host, which is paralleled
> by other things like get_serial, which implies that every event has an
> associated host
> 2) This particular event has a host field, I do not think that
> auparse_get_host(0 and auparse_get_filed(au,"host") are the same
Thanks Mike. I see my confusion now.
Since some of the records do have a field 'hostname', I favor changing
auparse_get_host to auparse_get_machine or auparse_get_node.
-debbie
More information about the Linux-audit
mailing list