Created
September 29, 2012 13:29
Cascalog auditd log file
node=cdh4flumevm1 type=DAEMON_START msg=audit(1342114506.467:9723): auditd start, ver=1.7.18 format=raw kernel=3.2.0-26-generic auid=4294967295 pid=1054 subj=unconfined res=success | |
node=cdh4flumevm1 type=CONFIG_CHANGE msg=audit(1342114506.571:24): audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 res=1 | |
node=cdh4flumevm1 type=CONFIG_CHANGE msg=audit(1342114506.571:25): audit_failure=2 old=1 auid=4294967295 ses=4294967295 res=1 | |
node=cdh4flumevm1 type=CONFIG_CHANGE msg=audit(1342114506.579:105): audit_enabled=1 old=1 auid=4294967295 ses=4294967295 res=1 | |
node=cdh4flumevm1 type=LOGIN msg=audit(1342114506.751:106): login pid=1104 uid=0 old auid=4294967295 new auid=104 old ses=4294967295 new ses=1 | |
node=cdh4flumevm1 type=LOGIN msg=audit(1342114517.503:107): login pid=1447 uid=0 old auid=4294967295 new auid=1000 old ses=4294967295 new ses=2 | |
node=cdh4flumevm1 type=SYSCALL msg=audit(1342114517.511:108): arch=c000003e syscall=87 success=no exit=-2 a0=e273d0 a1=0 a2=e22620 a3=7ffffcd967e0 items=1 ppid=1447 pid=1539 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="gnome-keyring-d" exe="/usr/bin/gnome-keyring-daemon" key="delete" | |
node=cdh4flumevm1 type=CWD msg=audit(1342114517.511:108): cwd="/" | |
node=cdh4flumevm1 type=PATH msg=audit(1342114517.511:108): item=0 name="/tmp/keyring-GZxINJ/control" inode=1574066 dev=08:01 mode=040700 ouid=1000 ogid=1000 rdev=00:00 | |
node=cdh4flumevm1 type=SYSCALL msg=audit(1342114517.547:109): arch=c000003e syscall=93 success=yes exit=0 a0=9 a1=3e8 a2=3e8 a3=7fff7d9907c0 items=1 ppid=987 pid=1447 auid=1000 uid=1000 gid=1000 euid=1000 suid=0 fsuid=1000 egid=1000 sgid=0 fsgid=1000 tty=(none) ses=2 comm="lightdm" exe="/usr/sbin/lightdm" key="perm_mod" | |
node=cdh4flumevm1 type=PATH msg=audit(1342114517.547:109): item=0 name=(null) inode=2228290 dev=08:01 mode=0100600 ouid=1000 ogid=1000 rdev=00:00 | |
node=cdh4flumevm1 type=SYSCALL msg=audit(1342114517.547:110): arch=c000003e syscall=91 success=yes exit=0 a0=9 a1=8180 a2=3e8 a3=7fff7d9907c0 items=1 ppid=987 pid=1447 auid=1000 uid=1000 gid=1000 euid=1000 suid=0 fsuid=1000 egid=1000 sgid=0 fsgid=1000 tty=(none) ses=2 comm="lightdm" exe="/usr/sbin/lightdm" key="perm_mod" |