summaryrefslogtreecommitdiff
path: root/src/journal/journald-audit.c
AgeCommit message (Collapse)Author
2015-10-27util-lib: split out allocation calls into alloc-util.[ch]Lennart Poettering
2015-10-27io-util.h: move iovec stuff from macro.h to io-util.hLennart Poettering
2015-10-27util-lib: split out hex/dec/oct encoding/decoding into its own fileLennart Poettering
2015-10-25util-lib: split out fd-related operations into fd-util.[ch]Lennart Poettering
There are more than enough to deserve their own .c file, hence move them over.
2015-10-24util-lib: split our string related calls from util.[ch] into its own file ↵Lennart Poettering
string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
2015-09-09tree-wide: drop {} from one-line if blocksLennart Poettering
Patch via coccinelle.
2015-05-20journald: handle more gracefully when bind() fails on audit socketsLennart Poettering
2015-04-23journal: use audit event names instead of numbersZbigniew Jędrzejewski-Szmek
<audit-1400> is replaced by AVC, etc. A fallback mechanism is provided for unlisted event types. Occasionally new types are added to the kernel, but not too often. Add a simple "test", which simply prints the mapping.
2015-03-14journald: add syslog fields for audit messagesZbigniew Jędrzejewski-Szmek
Audit messages would be displayed as "unknown[1]". Also specify AUTH as facility... This seems to be the closest match (/* security/authorization messages */).
2015-01-22Assorted format fixesZbigniew Jędrzejewski-Szmek
Types used for pids and uids in various interfaces are unpredictable. Too bad.
2015-01-05journald: prefix exported calls with "server_", unexport unnecessary callsLennart Poettering
2014-12-30tree-wide: spelling fixesVeres Lajos
https://github.com/vlajos/misspell_fixer https://github.com/torstehu/systemd/commit/b6fdeb618cf2f3ce1645b3315f15f482710c7ffa Thanks to Torstein Husebo <torstein@huseboe.net>.
2014-11-28treewide: another round of simplificationsMichal Schmidt
Using the same scripts as in f647962d64e "treewide: yet more log_*_errno + return simplifications".
2014-11-28treewide: use log_*_errno whenever %m is in the format stringMichal Schmidt
If the format string contains %m, clearly errno must have a meaningful value, so we might as well use log_*_errno to have ERRNO= logged. Using: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/' Plus some whitespace, linewrap, and indent adjustments.
2014-11-28treewide: more log_*_errno + return simplificationsMichal Schmidt
2014-11-28treewide: no need to negate errno for log_*_errno()Michal Schmidt
It corrrectly handles both positive and negative errno values.
2014-11-28treewide: auto-convert the simple cases to log_*_errno()Michal Schmidt
As a followup to 086891e5c1 "log: add an "error" parameter to all low-level logging calls and intrdouce log_error_errno() as log calls that take error numbers", use sed to convert the simple cases to use the new macros: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/' Multi-line log_*() invocations are not covered. And we also should add log_unit_*_errno().
2014-11-06journal: adjust audit log messages a bitLennart Poettering
2014-11-04journald: include audit message type number in MESSAGE= stringLennart Poettering
2014-11-04journal: also consider audit fields with '-' validLennart Poettering
2014-11-04journald: don't pass around SO_TIMESTAMP timestamp for audit, which we don't ↵Lennart Poettering
have anyway
2014-11-04journald: suppress low-level audit text prefix in MESSAGE= fieldLennart Poettering
Let's make the log output more readable, and the header can be reconstructed in full from the other fields
2014-11-04journald: properly decode audit's proctitle= fieldLennart Poettering
2014-11-04journald: enable audit in the kernel when initializingLennart Poettering
Similar to auditd actually turn on auditing as we are starting. This way we can operate entirely without auditd around.
2014-11-03journald: there's no point in turning on SO_TIMESTAMP for audit sockets, ↵Lennart Poettering
audit doesn't support timestamps anyway
2014-11-03journald: if available pull audit messages from the kernel into journal logsLennart Poettering