From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Abhishek Gupta" <abhikiki@gmail.com>
Subject: (no subject)
Date: Sat, 12 Jan 2008 08:45:09 -0500
Message-ID: <18436f8f0801120545w66ac58dbjc4e2e7533042db20@mail.gmail.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0203761150=="
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m0CDjUpD003392
	for <linux-audit@redhat.com>; Sat, 12 Jan 2008 08:45:30 -0500
Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.188])
	by mx3.redhat.com (8.13.1/8.13.1) with ESMTP id m0CDj9jv023189
	for <linux-audit@redhat.com>; Sat, 12 Jan 2008 08:45:09 -0500
Received: by rv-out-0910.google.com with SMTP id k15so1354502rvb.51
	for <linux-audit@redhat.com>; Sat, 12 Jan 2008 05:45:09 -0800 (PST)
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

--===============0203761150==
Content-Type: multipart/alternative;
	boundary="----=_Part_4211_14590736.1200145509081"

------=_Part_4211_14590736.1200145509081
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

msg=audit(1116360555.329:2401771).

How to interpret above message?what does 1116360555,329,2401771 means here?
By looking at this type of audit message how can i interpret all the things
related to a particular process?
If i want to trace all syscalls called by particular process how to do that
without using ausearch(means by looking at above type messages)
how can i obtain strace output by this this auditing subsystem ?

------=_Part_4211_14590736.1200145509081
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<div>msg=audit(1116360555.329:2401771). </div>
<div>&nbsp;</div>
<div>How to interpret above message?what does 1116360555,329,2401771 means here?</div>
<div>By looking at this type of audit message how can i interpret all the things related to a particular process?</div>
<div>If i want to trace all syscalls called by particular process how to do that without using ausearch(means by looking at above type messages)</div>
<div>how can i obtain strace output by this this auditing subsystem ?</div>

------=_Part_4211_14590736.1200145509081--


--===============0203761150==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============0203761150==--