Audit log Fields
Burn Alting
burn at swtf.dyndns.org
Thu Feb 11 13:06:54 UTC 2016
Sowndarya,
Are you are asking how do you propose another public field name to be
added to the list in
https://people.redhat.com/sgrubb/audit/audit-events.txt ?
If so, I'd suggest you provide
a. Proposed field name
b. Description of it's content.
c. Describe how it's going to be used.
The list can then make comment and/or provide advice.
Steve,
Perhaps we could update the above document to advise users what they
should offer in such a proposal.
Perhaps further, we could offer a generic solution on how one could
define a 'non-public' field name. That is, a 'non-public' field is one
which could not, via it's nomenclature, conflict with a current or
future 'public' (aka published) field name. Such non-public fields could
then be used by capability that only needs the audit source and audit
consumer to be aware of the field.
Hopefully I am not reading too much into the original request.
Regards
On Thu, 2016-02-11 at 18:07 +0530, Sowndarya K wrote:
> As of now there are so many proposed fields in the audit event log ,
> if I wanted to one proposed field which is of not use as much ,which
> one can I chose for ?
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
More information about the Linux-audit
mailing list