Cover more message types #1
Comments
Doesn't seem to be documented, so here are my research results:

type=AVC (1400)

Used by AppArmor and SELinux for various messages.
Doesn't seem to be documented, so here are my research results:

type=SECCOMP (1326)

Used by Secure Computing subsystem for notifications about violations.

Fields

Examples
Any update for now?

No. The project is unmaintained since I lost interest in messing with libaudit.
Ref.: https://github.com/linux-audit/audit-documentation
SELinux
Ref.: https://selinuxproject.org/page/NB_AL
SELinux uses a format different from all other audit events.
I'm not going to support it now. If you are interested in SELinux
log pretty printing using audit_pretty, any help is appreciated.
AppArmor
System lifecycle events
User account lifecycle events
User login lifecycle events
Virt. manager guest lifecycle events
Seccomp violation notifications
Generic record types
This list is incomplete. More types listed here.
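The format difference noted above for SELinux, next to AppArmor and seccomp records, as an added example that is not part of the issue or of the audit_pretty code. The sample records are constructed, and the parser assumes the usual kernel text layout for these three record kinds; `parse` and `kv` are hypothetical helper names.

```python
import re
import shlex

# Constructed sample records (not from the issue or from a real host).
SAMPLES = [
    'type=AVC msg=audit(1700000000.101:501): avc:  denied  { read } for  pid=2001 '
    'comm="httpd" name="index.html" dev="dm-0" ino=1234 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0',
    'type=AVC msg=audit(1700000000.202:502): apparmor="DENIED" operation="open" '
    'profile="/usr/bin/example" name="/etc/example.conf" pid=2002 comm="example" '
    'requested_mask="r" denied_mask="r" fsuid=1000 ouid=0',
    'type=SECCOMP msg=audit(1700000000.303:503): auid=1000 uid=1000 gid=1000 ses=1 '
    'pid=2003 comm="example" exe="/usr/bin/example" sig=31 arch=c000003e syscall=2 '
    'compat=0 ip=0x7f0000000000 code=0x0',
]

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
# SELinux AVC bodies start with free text before the key=value pairs.
SELINUX = re.compile(r'^avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)$')

def kv(text):
    """Split key=value pairs, honouring double-quoted values."""
    return dict(tok.split('=', 1) for tok in shlex.split(text) if '=' in tok)

def parse(line):
    """Parse one audit record and label which subsystem produced it."""
    m = HEADER.match(line)
    if not m:
        raise ValueError('not an audit record')
    rtype, ts, serial, body = m.groups()
    rec = {'type': rtype, 'time': ts, 'serial': int(serial), 'source': 'unknown'}
    sel = SELINUX.match(body) if rtype == 'AVC' else None
    if sel:  # SELinux: result and permission set precede the fields
        rec.update(source='selinux', result=sel.group(1),
                   perms=sel.group(2).split())
        body = sel.group(3)
    rec['fields'] = kv(body)
    if rtype == 'AVC' and 'apparmor' in rec['fields']:
        rec['source'] = 'apparmor'
    elif rtype == 'SECCOMP':
        rec['source'] = 'seccomp'
    return rec

if __name__ == '__main__':
    for s in SAMPLES:
        r = parse(s)
        print(r['serial'], r['type'], r['source'], r['fields'].get('comm'))
```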