Re: What does "---" in audit.log timestamp / event-id field mean?

On 5/18/2022 9:25 AM, Lenny Bruzenak wrote: On 5/17/22 16:41, Steve Grubb wrote: Hello, On Thursday, May 12, 2022 4:01:34 AM EDT Sam Pinkus wrote: I'm using auditd=1:2.8.4-3 on Debian. I got this event in my audit.log: ... type=SYSCALL msg=audit(16523210---): arch=c03e syscall=87 succes

Re: What does "---" in audit.log timestamp / event-id field mean?

On 5/17/22 16:41, Steve Grubb wrote: Hello, On Thursday, May 12, 2022 4:01:34 AM EDT Sam Pinkus wrote: I'm using auditd=1:2.8.4-3 on Debian. I got this event in my audit.log: ... type=SYSCALL msg=audit(16523210---): arch=c03e syscall=87 success=yes exit=0 a0=7f867d66a3ed a1=7f867d66a3ed

Re: What does "---" in audit.log timestamp / event-id field mean?

Hello, On Thursday, May 12, 2022 4:01:34 AM EDT Sam Pinkus wrote: > I'm using auditd=1:2.8.4-3 on Debian. I got this event in my audit.log: > > > ... > type=SYSCALL msg=audit(16523210---): arch=c03e syscall=87 success=yes > exit=0 a0=7f867d66a3ed a1=7f867d66a3ed a2=0 a3=792f18 items=2 ppid=2

What does "---" in audit.log timestamp / event-id field mean?

Hi, I'm using auditd=1:2.8.4-3 on Debian. I got this event in my audit.log: ... type=SYSCALL msg=audit(16523210---): arch=c03e syscall=87 success=yes exit=0 a0=7f867d66a3ed a1=7f867d66a3ed a2=0 a3=792f18 items=2 ppid=2275 pid=16746 auid=1000 ui