[PATCH]: revised make xfrm_audit_log more generic patch
Steve Grubb
sgrubb at redhat.com
Tue Jul 24 17:10:59 UTC 2007
On Tuesday 24 July 2007 12:33:26 pm Joy Latten wrote:
> > It also wouldn't hurt to change the text being sent to this function to
> > have a hyphen instead of a space, so "SPD delete" becomes "SPD-delete".
> > This keeps the parser happy.
>
> Steve, more for my education, should all entries have this sort of
> syntax, that is, a hyphen in it?
Only if its something that is important to have associated in reports. More
that 1 or 2 hyphens is probably not good.
> I imagine some entries might be a bit more wordy and so I was wondering
> ahead of time how to do it.
The audit logs should be short as possible but contain everything necessary.
You can have language in the record that makes it more understandable for
people reading the raw record, but it won't necessarily be picked up by
report parsers for searching or presentation.
If you want me to help review the choices, let me know offline and we can work
through it.
-Steve
More information about the Linux-audit
mailing list