From: Ashok Kumar J
To: linux-audit@redhat.com
Subject: How Audit event triggers in Kernel
Date: Thu, 27 Jan 2011 17:44:40 +0530

Dear ALL,

I saw the function audit_send in the netlink.c file. This function is used to send the audit rules set into the kernel. My question is: how are audit events triggered for system calls in the kernel?

My second question is: after getting the reply packet from the netlink socket through the function audit_get_reply(), how is the audit log format achieved for a system call before the audit log is stored?

--
with regards
Ashok Kumar J