Re: [redhat-lspp] USER_LOGIN record no longer has acct field

Loulwa Salem Thu, 21 Sep 2006 08:22:53 -0700

Linda Knippers wrote:

type=USER_LOGIN msg=audit(1158674606.789:1503): user pid=10052 uid=0
auid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c255 msg='uid=0:
exe="/usr/sbin/sshd" (hostname=16.116.117.213, addr=2.0.0.0,
terminal=/dev/pts/3 res=success)'


type=USER_LOGIN msg=audit(1158668540.641:1460): user pid=9595 uid=0
auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c255
msg='acct=root: exe="/usr/sbin/sshd" (hostname=?, addr=?, terminal=sshd
res=failed)'

I need to parse this record type, so is this the final format of the record asfar as we know?


- Loulwa

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp

Re: [redhat-lspp] USER_LOGIN record no longer has acct field

Reply via email to