summaryrefslogtreecommitdiff
path: root/src/journal/journald-audit.c
AgeCommit message (Collapse)Author
2014-11-28treewide: another round of simplificationsMichal Schmidt
Using the same scripts as in f647962d64e "treewide: yet more log_*_errno + return simplifications".
2014-11-28treewide: use log_*_errno whenever %m is in the format stringMichal Schmidt
If the format string contains %m, clearly errno must have a meaningful value, so we might as well use log_*_errno to have ERRNO= logged. Using: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/' Plus some whitespace, linewrap, and indent adjustments.
2014-11-28treewide: more log_*_errno + return simplificationsMichal Schmidt
2014-11-28treewide: no need to negate errno for log_*_errno()Michal Schmidt
It corrrectly handles both positive and negative errno values.
2014-11-28treewide: auto-convert the simple cases to log_*_errno()Michal Schmidt
As a followup to 086891e5c1 "log: add an "error" parameter to all low-level logging calls and intrdouce log_error_errno() as log calls that take error numbers", use sed to convert the simple cases to use the new macros: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/' Multi-line log_*() invocations are not covered. And we also should add log_unit_*_errno().
2014-11-06journal: adjust audit log messages a bitLennart Poettering
2014-11-04journald: include audit message type number in MESSAGE= stringLennart Poettering
2014-11-04journal: also consider audit fields with '-' validLennart Poettering
2014-11-04journald: don't pass around SO_TIMESTAMP timestamp for audit, which we don't ↵Lennart Poettering
have anyway
2014-11-04journald: suppress low-level audit text prefix in MESSAGE= fieldLennart Poettering
Let's make the log output more readable, and the header can be reconstructed in full from the other fields
2014-11-04journald: properly decode audit's proctitle= fieldLennart Poettering
2014-11-04journald: enable audit in the kernel when initializingLennart Poettering
Similar to auditd actually turn on auditing as we are starting. This way we can operate entirely without auditd around.
2014-11-03journald: there's no point in turning on SO_TIMESTAMP for audit sockets, ↵Lennart Poettering
audit doesn't support timestamps anyway
2014-11-03journald: if available pull audit messages from the kernel into journal logsLennart Poettering