On Thu, May 9, 2019 at 8:02 PM Richard Guy Briggs wrote:
>
> Provide a method to filter out sockaddr and bind calls by network
> address family.
>
> Existing SOCKADDR records are listed for any network activity.
> Implement the AUDIT_SADDR_FAM field selector to be able to classify or
> limit recor

On Wed, May 22, 2019 at 5:51 PM Richard Guy Briggs wrote:
>
> Multiple checks were being done in one switch case statement that
> started to cause some redundancies and awkward exceptions. Separate the
> valid field and op check from the select valid values checks.
>
> Enforce the elimination of

On Thu, May 23, 2019 at 5:12 PM Richard Guy Briggs wrote:
> On 2019-05-14 09:55, Steve Grubb wrote:
> > Hello,
> >
> > On Monday, May 13, 2019 3:43:54 PM EDT Ondra N. wrote:
> > > I would like to ask a question about auditing write syscalls. I am trying
> > > to monitor all filesystem changes in

On 2019-05-14 09:55, Steve Grubb wrote:
> Hello,
>
> On Monday, May 13, 2019 3:43:54 PM EDT Ondra N. wrote:
> > I would like to ask a question about auditing write syscalls. I am trying
> > to monitor all filesystem changes in a specific directory and process the
> > changes in near real time - a