On Wed, May 31, 2023 at 9:47 PM Henry Zhang <henryzhang62@gmail.com> wrote:

Hi folks,

I want to analyze audit.log and see
arch=c00000b7 syscall=35

Where can I find what c00000b7 and 35 mean respectively for arm64 device?

Hi,

You'd better use the ausearch/aureport commands with the -i switch to interpret them.

--

Zdenek Pytela

Security SELinux team