[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Changes to Audit record format



On Thursday 16 March 2006 14:59, Debora Velarde wrote:
> Why do we need more than just "pid=200"?  You already know that it was
> auditd by the "auditd start" in the log.

In this particular case, it might not be needed. But in general, its to 
provide some context to the human that is reading it. I see it as 
supplemental information.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]