Dave,
> > > Anyway, I definitely don't see it as a top-level built-in command. Perhaps
> you could
> > > argue for an option to an existing command -- "ps", "log" or "sys" maybe?
> > >
> >
> > Yes, I never definitely need the name "dumpaudit.
> >
> > I think log command is best suited in meaning for audit logs.
> >
> > By the way. I don't understand why you listed ps command first.
> > I don't find any similarity to ps command with audit.
>
> It was just an off-the-top-of-my-head suggestion, where I thought of it because
> auditing is often
> concerned with process-related events. But given there are other kinds of
> things that get audited,
> I agree that "log" is more suitable.
>
I've written the first version of the patch adding a feature to dump kernel
audit logs as log -a.
Could you review this patch?
I made this patch on top of today's latest commit on github crash utility
repository:
https://github.com/crash-utility/crash/commit/ed60e97e319a1cfc9e2779aa1baac305677393d8
Thanks.
HATAYAMA, Daisuke
Attachment:
0001-Add-a-feature-to-dump-audit-logs-in-log-command-as-a.patch
Description: 0001-Add-a-feature-to-dump-audit-logs-in-log-command-as-a.patch
-- Crash-utility mailing list Crash-utility@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/crash-utility
