On Thursday 17 March 2005 12:57, Chris Wright wrote:
> Steve, are you working on processing log data, do you have a preference?
Yes, I am working on a utility to process the data. I have 4 comments:
1) Fields that magically appear and dissappear are problematic for fast
parsing.
2) There should
* David Woodhouse ([EMAIL PROTECTED]) wrote:
> On Wed, 2005-03-16 at 14:41 -0800, Chris Wright wrote:
> > * Ondrej Zary ([EMAIL PROTECTED]) wrote:
> > > This patch moves the "name=" field to the end of audit records. The
> > > original placement is bad because it cannot be properly parsed. It is
On Wed, 2005-03-16 at 14:41 -0800, Chris Wright wrote:
> * Ondrej Zary ([EMAIL PROTECTED]) wrote:
> > This patch moves the "name=" field to the end of audit records. The
> > original placement is bad because it cannot be properly parsed. It is
> > impossible to tell if the name is "/bin/true" or
* Ondrej Zary ([EMAIL PROTECTED]) wrote:
> This patch moves the "name=" field to the end of audit records. The
> original placement is bad because it cannot be properly parsed. It is
> impossible to tell if the name is "/bin/true" or "/bin/true inode=469634
> dev=00:00" because the "inode=" and
This patch moves the "name=" field to the end of audit records. The
original placement is bad because it cannot be properly parsed. It is
impossible to tell if the name is "/bin/true" or "/bin/true inode=469634
dev=00:00" because the "inode=" and "dev=" fields can be omitted.
Before:
audit(
5 matches
Mail list logo
