On Thu, 2005-11-10 at 13:27 -0500, Stephen Smalley wrote: > On Thu, 2005-11-10 at 12:46 -0300, Ma. Alejandra Castillo wrote: > > I am occupying the tool seaudit in fedora core 4, but the fields host > > and executablee they appear always empty, what is very strange. I am > > charging /var/log/audit.log, some suggestion so that these fields > > appear? > > Logging of the executable path migrated from the SELinux avc audit code > to the syscall audit code due to a deadlock issue, so avc messages only > include the comm= information now. However, whenever an avc message is > generated, a syscall audit record is also generated when the syscall > exits, and that includes the exe= information. The two messages can be > correlated using the audit event id. I don't know if newer versions of > seaudit perform such correlation or not. BTW, you can also use aureport and ausearch to query the audit logs. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
