record
arch
syscall
items
ppid
pid
auid
uid
gid
euid
suid
fsuid
egid
sgid
fsgid
tty
ses
comm
exe
subj
key
SYSCALL
success
exit
items
ppid
pid
auid
uid
gid
euid
suid
fsuid
egid
sgid
fsgid
tty
ses
comm
exe
subj
key
SYSCALL
audit_backlog_limit
old
auid
ses
subj
res
CONFIG_CHANGE
audit_backlog_wait_time
old
auid
ses
subj
res
CONFIG_CHANGE
audit_enabled
old
auid
ses
subj
res
CONFIG_CHANGE
audit_failure
old
auid
ses
subj
res
CONFIG_CHANGE
audit_pid
old
auid
ses
subj
res
CONFIG_CHANGE
audit_rate_limit
old
auid
ses
subj
res
CONFIG_CHANGE
auid
ses
MAC_POLICY_LOAD
op
path2
key
list
res
CONFIG_CHANGE
subj
op
key
list
res
CONFIG_CHANGE
uid
gid
ses
subj
pid
comm
exe
sig
ANOM_ABEND
arch
syscall
compat
ip
code
SECCOMP
cwd
CWD
dev
prom
old_prom
auid
uid
gid
ses
ANOM_PROMISCUOUS
enforcing
old_enforcing
auid
ses
MAC_STATUS
fd
flags
MMAP
item
name2
inode
dev
mode
ouid
ogid
rdev
obj
nametype
PATH
nametype
PATH
mqdes
mq_flags
mq_maxmsg
mq_msgsize
mq_curmsgs
MQ_GETSETATTR
msg_len
msg_prio
abs_timeout_sec
abs_timeout_nsec
MQ_SENDRECV
sigev_signo
MQ_NOTIFY
oflag
mode
mq_flags
mq_maxmsg
mq_msgsize
mq_curmsgs
MQ_OPEN
op
auid
pid
subj
res
DAEMON_END
ppid
pid
auid
uid
gid
euid
suid
fsuid
egid
sgid
fsgid
tty
ses
comm
exe
subj
res
ANOM_LINK
state
auid
pid
subj
res
DAEMON_CONFIG
ver
format
kernel
auid
pid
uid
ses
subj
res
DAEMON_START
opid
oauid
ouid
oses
obj
ocomm
OBJ_PID
ouid
ogid
mode
obj
IPC
pid
uid
auid
ses
subj
comm
exe
hostname
addr
terminal
res
SYSTEM_BOOT
SYSTEM_SHUTDOWN
default-context
selected-context
exe
hostname
addr
terminal
res
USER_ROLE_CHANGE
old-level
new-level
comm
exe
hostname
addr
terminal
res
SYSTEM_RUNLEVEL
op
acct
exe
hostname
addr
terminal
res
ADD_GROUP
GRP_MGMT
USER_AUTH
direction
cipher
ksize
mac
pfs
spid
suid
rport
laddr
lport
exe
hostname
addr
terminal
res
CRYPTO_SESSION
exe
hostname
addr
terminal
res
USYS_CONFIG
grantors
acct
exe
hostname
addr
terminal
res
CRED_ACQ
CRED_DISP
USER_ACCT
USER_AUTH
USER_CHAUTHTOK
USER_END
USER_START
grp
acct
exe
hostname
addr
terminal
res
DEL_GROUP
GRP_MGMT
USER_MGMT
gid
acct
exe
hostname
addr
terminal
res
GRP_MGMT
new_gid
acct
exe
hostname
addr
terminal
res
GRP_MGMT
id
exe
hostname
addr
terminal
res
USER_MGMT
id
exe
hostname
addr
terminal
res
ADD_GROUP
ADD_USER
DEL_GROUP
DEL_USER
GRP_MGMT
USER_CHAUTHTOK
USER_END
USER_LOGIN
USER_LOGOUT
USER_MGMT
USER_START
kind
fp
direction
spid
suid
exe
hostname
addr
terminal
res
CRYPTO_KEY_USER
rport
laddr
lport
exe
hostname
addr
terminal
res
CRYPTO_KEY_USER
printer
uri
banners
range
exe
hostname
addr
terminal
res
LABEL_LEVEL_CHANGE
seqno
exe
sauid
hostname
addr
terminal
USER_AVC
uid
exe
hostname
addr
terminal
res
USER_LOGIN
unit
comm
exe
hostname
addr
terminal
res
SERVICE_START
SERVICE_STOP
virt
op
reason
vm
uuid
vm-pid
exe
hostname
addr
terminal
res
VIRT_CONTROL
resrc
reason
vm
uuid
bus
device
exe
hostname
addr
terminal
res
VIRT_RESOURCE
cgroup
class
category
maj
acl
exe
hostname
addr
terminal
res
VIRT_RESOURCE
exe
hostname
addr
terminal
res
VIRT_RESOURCE
path2
rdev
acl
exe
hostname
addr
terminal
res
VIRT_RESOURCE
net
path2
rdev
exe
hostname
addr
terminal
res
VIRT_RESOURCE
old-chardev
new-chardev
exe
hostname
addr
terminal
res
VIRT_RESOURCE
old-disk
new-disk
exe
hostname
addr
terminal
res
VIRT_RESOURCE
old-mem
new-mem
exe
hostname
addr
terminal
res
VIRT_RESOURCE
old-net
new-net
exe
hostname
addr
terminal
res
VIRT_RESOURCE
old-rng
new-rng
exe
hostname
addr
terminal
res
VIRT_RESOURCE
old-vcpu
new-vcpu
exe
hostname
addr
terminal
res
VIRT_RESOURCE
vm
uuid
vm-ctx
img-ctx
model
exe
hostname
addr
terminal
res
VIRT_MACHINE_ID
subj
old-auid
auid
tty
old-ses
ses
res
LOGIN
ppid
pid
auid
uid
gid
euid
suid
fsuid
egid
sgid
fsgid
tty
ses
comm
exe
subj
feature
old
new
old_lock
new_lock
res
FEATURE_CHANGE
proctitle
PROCTITLE
qbytes
ouid
ogid
mode
IPC_SET_PERM
saddr
SOCKADDR
seresult
seperms
pid
comm
name2
dev
ino
scontext
tcontext
tclass
permissive
AVC
path2
dev
ino
scontext
tcontext
tclass
permissive
AVC
scontext
tcontext
tclass
permissive
AVC
scontext
tcontext
tclass
permissive
AVC
table
family
entries
NETFILTER_CFG