How Audit event triggers in Kernel

Ashok Kumar J ashok.jagathesan at gmail.com
Thu Jan 27 12:14:40 UTC 2011


Dear ALL,

I saw the function audit_send in the netlink.c file. This function is used
to send the audit rules set into kernel. My question is  How Audit event
triggers for system call in kernel.


My second question is, After getting the reply packet from the netlink
socket through the function audit_get_reply(). How the audit log format
achieved for system call before storing the audit log.
-- 
with regards

Ashok Kumar J
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20110127/0e31b7de/attachment.htm>


More information about the Linux-audit mailing list