summaryrefslogtreecommitdiff
path: root/src/journal/journald-audit.c
AgeCommit message (Collapse)Author
2015-04-23journal: use audit event names instead of numbersZbigniew Jędrzejewski-Szmek
<audit-1400> is replaced by AVC, etc. A fallback mechanism is provided for unlisted event types. Occasionally new types are added to the kernel, but not too often. Add a simple "test", which simply prints the mapping.
2015-03-14journald: add syslog fields for audit messagesZbigniew Jędrzejewski-Szmek
Audit messages would be displayed as "unknown[1]". Also specify AUTH as facility... This seems to be the closest match (/* security/authorization messages */).
2015-01-22Assorted format fixesZbigniew Jędrzejewski-Szmek
Types used for pids and uids in various interfaces are unpredictable. Too bad.
2015-01-05journald: prefix exported calls with "server_", unexport unnecessary callsLennart Poettering
2014-12-30tree-wide: spelling fixesVeres Lajos
https://github.com/vlajos/misspell_fixer https://github.com/torstehu/systemd/commit/b6fdeb618cf2f3ce1645b3315f15f482710c7ffa Thanks to Torstein Husebo <torstein@huseboe.net>.
2014-11-28treewide: another round of simplificationsMichal Schmidt
Using the same scripts as in f647962d64e "treewide: yet more log_*_errno + return simplifications".
2014-11-28treewide: use log_*_errno whenever %m is in the format stringMichal Schmidt
If the format string contains %m, clearly errno must have a meaningful value, so we might as well use log_*_errno to have ERRNO= logged. Using: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/' Plus some whitespace, linewrap, and indent adjustments.
2014-11-28treewide: more log_*_errno + return simplificationsMichal Schmidt
2014-11-28treewide: no need to negate errno for log_*_errno()Michal Schmidt
It corrrectly handles both positive and negative errno values.
2014-11-28treewide: auto-convert the simple cases to log_*_errno()Michal Schmidt
As a followup to 086891e5c1 "log: add an "error" parameter to all low-level logging calls and intrdouce log_error_errno() as log calls that take error numbers", use sed to convert the simple cases to use the new macros: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/' Multi-line log_*() invocations are not covered. And we also should add log_unit_*_errno().
2014-11-06journal: adjust audit log messages a bitLennart Poettering
2014-11-04journald: include audit message type number in MESSAGE= stringLennart Poettering
2014-11-04journal: also consider audit fields with '-' validLennart Poettering
2014-11-04journald: don't pass around SO_TIMESTAMP timestamp for audit, which we don't ↵Lennart Poettering
have anyway
2014-11-04journald: suppress low-level audit text prefix in MESSAGE= fieldLennart Poettering
Let's make the log output more readable, and the header can be reconstructed in full from the other fields
2014-11-04journald: properly decode audit's proctitle= fieldLennart Poettering
2014-11-04journald: enable audit in the kernel when initializingLennart Poettering
Similar to auditd actually turn on auditing as we are starting. This way we can operate entirely without auditd around.
2014-11-03journald: there's no point in turning on SO_TIMESTAMP for audit sockets, ↵Lennart Poettering
audit doesn't support timestamps anyway
2014-11-03journald: if available pull audit messages from the kernel into journal logsLennart Poettering