On Fri, 14 Aug 2020 20:50:47 +0200 peter enderborg <peter.enderborg@xxxxxxxx> wrote: > On 8/14/20 8:30 PM, Steven Rostedt wrote: > > On Fri, 14 Aug 2020 20:06:34 +0200 > > peter enderborg <peter.enderborg@xxxxxxxx> wrote: > > > >> Im find with that, but then you can not do filtering? I would be > >> pretty neat with a filter saying tclass=file permission=write. > >> > > Well, if the mapping is stable, you could do: > > > > (tclass == 6) && (audited & 0x4) > > It does not happen to exist a hook for translate strings to numeric values when inserting filter? > How would you imagine such a hook existing? Something that would be specific to each trace event class, where you can register at boot up a mapping of names to values? Or a function that would translate it? -- Steve
