On Thu, 2016-01-07 at 22:06 -0500, Paul Moore wrote:
> On January 7, 2016 6:47:02 PM Steve Grubb wrote:
>
> > On Friday, January 08, 2016 10:05:13 AM Burn Alting wrote:
> >> Steve,
> >>
> >> Can I suggest you modify src/ausearch-lol.c:check_events() to add in the
> >> AUDIT_PROCTITLE check (will
On January 7, 2016 6:47:02 PM Steve Grubb wrote:
On Friday, January 08, 2016 10:05:13 AM Burn Alting wrote:
Steve,
Can I suggest you modify src/ausearch-lol.c:check_events() to add in the
AUDIT_PROCTITLE check (will reduce memory overhead as events will be
flushed faster).
OK. Good suggesti
On Friday, January 08, 2016 10:05:13 AM Burn Alting wrote:
> Steve,
>
> Can I suggest you modify src/ausearch-lol.c:check_events() to add in the
> AUDIT_PROCTITLE check (will reduce memory overhead as events will be
> flushed faster).
OK. Good suggestion. The SVN repo has been updated.
> Also c
Steve,
Can I suggest you modify src/ausearch-lol.c:check_events() to add in the
AUDIT_PROCTITLE check (will reduce memory overhead as events will be
flushed faster).
Also can we ask Richard put a comment into the appropriate location in
the kernel code to indicate the link between ausearch/aurport
On Wednesday, January 06, 2016 09:30:36 PM Burn Alting wrote:
> #3 - modify the standard auparse() test code.
And this patch is applied. Thanks, Burn, for all the patches! This will make
analytical programs much more accurate since interlaced records won't split an
event up any more.
If anyone
