ausearch on aggregation - syscall difference
Steve Grubb
sgrubb at redhat.com
Fri Oct 24 17:16:21 UTC 2008
On Friday 24 October 2008 13:08:41 LC Bruzenak wrote:
> Note that the syscall is listed differently.
Interesting.
> This is using the 1.7.7 code (on F9), I have not yet moved over to 1.7.8
> in case it may be fixed there.
Nope...nothing was changed there to fix it. This is the first I'd heard of the
problem..Can you show me the raw record?
ausearch -ts today -a 10038 --raw
Thanks,
-Steve
More information about the Linux-audit
mailing list