How Audit event triggers in Kernel
Ashok Kumar J
ashok.jagathesan at gmail.com
Thu Jan 27 12:14:40 UTC 2011
Dear ALL,
I saw the function audit_send in the netlink.c file. This function is used
to send the audit rules set into kernel. My question is How Audit event
triggers for system call in kernel.
My second question is, After getting the reply packet from the netlink
socket through the function audit_get_reply(). How the audit log format
achieved for system call before storing the audit log.
--
with regards
Ashok Kumar J
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110127/0e31b7de/attachment.htm>
More information about the Linux-audit
mailing list