auditing of process exit
Hassan Sultan
hsultan at thefroid.net
Sun Dec 14 03:26:09 UTC 2014
Hi,
I can't figure out how to get audit log entries for process termination.
Abnormal process termination auditing occurs, however for NORMAL process
termination, I can't find anything.
I tried the syscall route, using the exit syscall, however this does not
seem to work, maybe because it logs on exit of the syscall and that call
never returns ?
How can I get a log of all processes exiting then ?
Thanks,
Hassan
More information about the Linux-audit
mailing list