Steve Grubb wrote:
If somebody has a better idea/code in hand when we start the 2.0 code, I'd
like to consider it. The pre-requisites are it has to be backward compatible,
it has to handle unicode, it has to handle fields with odd characters.
I have thought for some time now that the kernel would do better to
produce binary records. This would have many advantages, including:
* Very simple parsing
* Much faster to parse
* Faster to produce
* Much easier to specify
The production of text would then be the problem of the audit daemon. If
the current text based nightmare were frozen, they could even live
side-by-side.
Matt
--
Matthew Booth, RHCA, RHCSS
Red Hat, Global Professional Services
M: +44 (0)7977 267231
GPG ID: D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
