this patch set uses the audit framework without any rate limiting, and in the somewhat more structured audit format. that sounds like what you want.
+ audit_log_format(ab, "exploit id=%s pid=%u uid=%u auid=%u ses=%u comm=", + id, pid, uid, + from_kuid(&init_user_ns, audit_get_loginuid(task)), + audit_get_sessionid(task));
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds