Should open syscall records occur without a path record?
Steve Grubb
sgrubb at redhat.com
Mon Jul 23 19:56:12 UTC 2007
On Monday 23 July 2007 15:41:31 John D. Ramsdell wrote:
> I bet
> I can quickly write some script that interchanges adjacent audit
> records that are out of order in the raw logs, so as to allow me to
> proceed. If someone else has a record sorter, please send it along.
setroubleshoot is written in Python and it sorts its input stream to solve
this in the meantime. You might look there for some example code.
-Steve
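
A minimal record sorter of the kind asked for in this thread, as an added example (it is not setroubleshoot's code and not part of the original post). It orders raw audit records by the `msg=audit(timestamp:serial)` identifier using a bounded reorder buffer; the function names, the window size and the sample records are constructed for illustration.

```python
import heapq
import re

# Event identifier in a raw audit record: msg=audit(<sec>.<ms>:<serial>)
EVENT_ID = re.compile(r"msg=audit\((\d+)\.(\d+):(\d+)\)")

def event_key(line):
    """Return (seconds, millis, serial) for a raw audit record, or None."""
    m = EVENT_ID.search(line)
    return tuple(int(g) for g in m.groups()) if m else None

def sort_records(lines, window=64):
    """Yield records ordered by event id using a bounded reorder buffer.

    Records displaced by fewer than `window` positions are put back in order.
    Records of one event keep their original relative order (stable sort).
    A line with no parsable id inherits the key of the record before it.
    """
    heap = []
    last_key = (0, 0, 0)
    for seq, line in enumerate(lines):
        key = event_key(line) or last_key
        last_key = key
        # seq is unique, so the line text itself is never compared.
        heapq.heappush(heap, (key, seq, line))
        if len(heap) > window:
            yield heapq.heappop(heap)[2]
    while heap:
        yield heapq.heappop(heap)[2]

def group_events(lines):
    """Group records into {event_key: [record types]} in arrival order."""
    events = {}
    for line in lines:
        rtype = line.split(" ", 1)[0].split("=", 1)[1]
        events.setdefault(event_key(line), []).append(rtype)
    return events

# Constructed sample: event 101's PATH record arrives after event 102's SYSCALL.
SAMPLE = [
    'type=SYSCALL msg=audit(1185220572.100:101): arch=40000003 syscall=5 success=yes',
    'type=SYSCALL msg=audit(1185220572.104:102): arch=40000003 syscall=5 success=yes',
    'type=PATH msg=audit(1185220572.100:101): item=0 name="/etc/passwd"',
    'type=PATH msg=audit(1185220572.104:102): item=0 name="/etc/group"',
]

if __name__ == "__main__":
    for rec in sort_records(SAMPLE):
        print(rec)
```

The window bounds memory on a live stream; a record displaced further than the window is emitted late rather than dropped.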