Re: New draft standards

2015-12-10 Thread F Rafi
My comments are more from a log user (not developer) perspective. We are exporting close to 10GB/day of mostly auditd logs. This will potentially go up to 20GB/day next year. I'd prefer the ability to translate all auditd logs before they are written to disk. I believe this is what you have

Re: New draft standards

2015-12-10 Thread Steve Grubb
On Wed, 09 Dec 2015 12:43:37 +1100 Burn Alting wrote: > On Tue, 2015-12-08 at 19:28 -0500, Paul Moore wrote: > > On Tuesday, December 08, 2015 03:25:22 PM Steve Grubb wrote: > > > On Tuesday, December 08, 2015 02:58:18 PM Paul Moore wrote: > > > > On Tue, Dec 8, 2015 at

Re: New draft standards

2015-12-10 Thread Paul Moore
On Thu, Dec 10, 2015 at 5:49 PM, Steve Grubb wrote: > On Wed, 09 Dec 2015 12:43:37 +1100 > Burn Alting wrote: > >> Steve, >> >> Can you mock up some examples of an 'enriched' event showing how it is >> different from what we have now. > > type=LOGIN

Re: Wrong audit message type when policy is reloaded

2015-12-10 Thread Laurent Bigonville
I guess I should have CCed the linux-audit mailing list from the start. As said in my initial mail (see below), when SELinux user object managers are reloading the policy, an audit message with a wrong type is logged: USER_AVC vs USER_MAC_POLICY_LOAD. On 06/11/15 17:29, Stephen Smalley wrote