auditd 2.0.5 and 2.2 log format changes

Ismail Yenigul ismailyenigul at gmail.com
Tue May 20 15:35:52 UTC 2014


Thanks for the prompt reply.


The kernel versions are very close.

Redhat: 2.6.32-431.11.2.el6.x86_64
Suse: 2.6.37.1-1.2-desktop

Is there any change in the audit.rules format?


Have a nice day.


2014-05-20 18:31 GMT+03:00 Steve Grubb <sgrubb at redhat.com>:

> On Tue, 20 May 2014 18:18:14 +0300
> Ismail Yenigul <ismailyenigul at gmail.com> wrote:
> > I have a script to correlate (for user friendly report) auditd 2.2
> > version logs. It works on RedHat.
> > We have a suse 11.4 server running audit version 2.0.5.
> >
> > I could not see any major log format difference between the two versions.
> > I see that there is a nametype=NORMAL field difference at the end of
> > each line for version 2.2.
>
> This is not related to auditd. This is a change in the kernel. Auditd
> just distributes events to disk and other applications.
>
>
> > Are there any other log format changes between the two versions?
>
> There are likely differences in the kernels (and possibly user space
> apps). I have no idea what they are.
>
> -Steve
>
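
Added example, not part of the original thread or of the audit project's code: a correlation sketch that reads audit records by field name instead of by position, so a field the kernel appends (such as nametype) does not break the report. The sample log lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records (not from the thread): the first event is in the
# shape without the trailing field, the second carries nametype=NORMAL.
SAMPLE = """\
type=SYSCALL msg=audit(1400599552.101:77): arch=c000003e syscall=2 success=yes exit=3 pid=2101 auid=1000 uid=0 comm="cat" exe="/bin/cat" key="passwd-read"
type=PATH msg=audit(1400599552.101:77): item=0 name="/etc/passwd" inode=1311 dev=08:02 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=SYSCALL msg=audit(1400599560.250:91): arch=c000003e syscall=2 success=yes exit=3 pid=2250 auid=1000 uid=0 comm="cat" exe="/bin/cat" key="passwd-read"
type=PATH msg=audit(1400599560.250:91): item=0 name="/etc/passwd" inode=1311 dev=08:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
"""

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): ?(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Return (type, timestamp, serial, fields) or None for a non-audit line."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rtype, ts, serial, body = m.groups()
    # Fields are looked up by name, so an extra trailing key changes nothing.
    fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
    return rtype, float(ts), int(serial), fields

def correlate(text):
    """Group records sharing a timestamp:serial id into one event each."""
    events = defaultdict(lambda: {"syscall": {}, "paths": []})
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        rtype, ts, serial, fields = rec
        if rtype == "SYSCALL":
            events[(ts, serial)]["syscall"] = fields
        elif rtype == "PATH":
            events[(ts, serial)]["paths"].append(fields)
    return dict(events)

def report(text):
    """One row per event: (serial, auid, exe, [(name, nametype or None)])."""
    rows = []
    for (ts, serial), ev in sorted(correlate(text).items()):
        sc = ev["syscall"]
        paths = [(p.get("name"), p.get("nametype")) for p in ev["paths"]]
        rows.append((serial, sc.get("auid"), sc.get("exe"), paths))
    return rows

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

Both events produce the same report row shape; the only difference is that nametype is None where the kernel did not emit it.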