
Re: datastructures sent by auditSubsystem to audit daemon



On Thursday 13 December 2007 03:23:34 Abhishek Gupta wrote:
> Which are the specific data structures (containing various fields such as
> events, etc.) that are sent by auditSubsystem to audit daemon?

It's not a data structure. The kernel sends a text string to the audit daemon 
via the netlink interface. The audit daemon takes the message type number and 
looks it up to get the text string for that type and substitutes that when it 
writes to disk so that it's a little more friendly to view.

> And in which file are they present?

Typically, they are written to /var/log/audit/audit.log. You can see the 
messages there and they are basically unaltered.

-Steve
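
The record layout described in the reply above, as an added example that is not part of the original message or of the audit project's code: it renders a (type number, text payload) pair the way it appears in audit.log and parses the resulting line back into fields. The type numbers are a subset of those in linux/audit.h; the sample payloads are constructed, and the function names and the UNKNOWN[n] rendering for unlisted types are assumptions of this sketch.

```python
import re
import shlex

# Subset of message type numbers from linux/audit.h; the daemon carries the full table.
TYPE_NAMES = {1100: "USER_AUTH", 1300: "SYSCALL", 1302: "PATH", 1307: "CWD", 1400: "AVC"}

RECORD_RE = re.compile(
    r"^type=(?P<type>\S+) msg=audit\((?P<time>\d+\.\d+):(?P<serial>\d+)\): ?(?P<body>.*)$"
)

def format_record(msg_type, kernel_text):
    """Render a (type number, text payload) pair as an on-disk log line."""
    # Assumption: types missing from the table are written as UNKNOWN[n].
    name = TYPE_NAMES.get(msg_type, "UNKNOWN[%d]" % msg_type)
    return "type=%s msg=%s" % (name, kernel_text)

def parse_record(line):
    """Split one audit.log line into type, timestamp, serial and key=value fields."""
    m = RECORD_RE.match(line.strip())
    if m is None:
        raise ValueError("not an audit record: %r" % line)
    fields = {}
    # shlex keeps quoted values such as name="/etc/my file" in one token.
    for token in shlex.split(m.group("body")):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return {"type": m.group("type"), "time": m.group("time"),
            "serial": int(m.group("serial")), "fields": fields}

def group_by_event(lines):
    """Records that share a timestamp:serial pair belong to the same event."""
    events = {}
    for line in lines:
        rec = parse_record(line)
        events.setdefault((rec["time"], rec["serial"]), []).append(rec)
    return events

# Constructed sample: (type number, text payload) pairs, not captured from a real system.
SAMPLE = [
    (1300, 'audit(1197537814.123:456): arch=c000003e syscall=2 success=yes exit=3 pid=2001 uid=0 comm="cat" exe="/bin/cat"'),
    (1307, 'audit(1197537814.123:456): cwd="/root"'),
    (1302, 'audit(1197537814.123:456): item=0 name="/etc/my file" inode=1234'),
    (1999, 'audit(1197537815.000:457): op=test'),
]

if __name__ == "__main__":
    for msg_type, payload in SAMPLE:
        print(format_record(msg_type, payload))
```
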

