Re: arch=c00000b7 syscall=35

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Zdenek,

ausearch only searches /var/log/audit/audit.log with SYSCALL number listed inside the audit.log
for example:
ausearch -i -sc 208

Thanks.

----henry

On Thu, Jun 1, 2023 at 8:13 AM Henry Zhang <henryzhang62@xxxxxxxxx> wrote:
Zdenek,

Would you please give a sample to run research to find out arch?
Thanks.

---henry

On Thu, Jun 1, 2023, 00:48 Zdenek Pytela <zpytela@xxxxxxxxxx> wrote:


On Wed, May 31, 2023 at 9:47 PM Henry Zhang <henryzhang62@xxxxxxxxx> wrote:
Hi folks,

I want to analyze audit.log and see
arch=c00000b7 syscall=35

Where can I find what c00000b7 and 35 mean respectively for arm64 device?
Hi,

You'd better use the ausearch/aureport commands with the -i switch to interpret them.

--

Zdenek Pytela
Security SELinux team
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux