ausearch on aggregation - syscall difference
Steve Grubb
sgrubb at redhat.com
Fri Oct 24 18:37:18 UTC 2008
On Friday 24 October 2008 13:27:49 LC Bruzenak wrote:
> So it looks like the architectures interpretation (-i) of the syscall is
> where it differs?
Yes, there was a collision between the unset value and the i386 value in the
source code. This meant that it when it ran across I386 machines, it thought
there was an error looking it up and reverted to looking up the uname machine
value as a fallback. Svn commit 155 fixes this.
-Steve
More information about the Linux-audit
mailing list