[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] auvirt: a new tool for reporting events related to virtual machines



I took a look at some anomaly events and I'm thinking to correlate them to guests based on the SELinux context or maybe based on the pid field.

Do you think there is another ways to correlate them?

Regards,
Marcelo

On 01/11/2012 07:20 PM, Steve Grubb wrote:
On Thursday, January 05, 2012 11:44:57 AM Marcelo Cerri wrote:
But I'm not sure what means "anomaly events". Would it be malformed
records (without some fields, for example) or a specific record type
generated by the kernel or some other userspace application?
No, these are events in the range of AUDIT_FIRST_ANOM_MSG and
AUDIT_LAST_ANOM_MSG and some from the kernel in the range of
AUDIT_FIRST_KERN_ANOM_MSG and AUDIT_LAST_KERN_ANOM_MSG.

-Steve



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]