Zdenek,
Would you please give a sample to run research to find out arch?
Thanks.
---henry
On Thu, Jun 1, 2023, 00:48 Zdenek Pytela <zpytela(a)redhat.com> wrote:
On Wed, May 31, 2023 at 9:47 PM Henry Zhang <henryzhang62(a)gmail.com>
wrote:
> Hi folks,
>
> I want to analyze audit.log and see
> arch=c00000b7 syscall=35
>
> Where can I find what c00000b7 and 35 mean respectively for arm64 device?
>
Hi,
You'd better use the ausearch/aureport commands with the -i switch to
interpret them.
--
Zdenek Pytela
Security SELinux team