To the best of my knowledge there is no way to generate every record type. I did send sgrubb the beginnings of me trying to write a suite of programs to exercise some of them for hopeful eventual inclusion in the auparse checker tool...
I really think such a thing would be useful... On Wed, 2014-04-09 at 16:25 +1000, Burn Alting wrote: > All, > > Does there exist a repository of audit events that could be used to test > changes to the audit parsing code? > > Although turning on > > -a always,exit -F arch=b32 -S all > and > -a always,exit -F arch=b64 -S all > > for a while does tend to generate a lot of audit, but it's clearly not > exhaustive so I am hoping we have some repositories that are shareable > and one can test against. > > Rgds > > -- > Linux-audit mailing list > Linux-audit@redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit