audit_name_to_errno - Linux
Overview
audit_name_to_errno translates an audit system call name to an error number. It is useful for understanding the relationship between the symbolic names and error numbers used in audit reports.
Syntax
audit_name_to_errno [OPTIONS] <audit-syscall-name>
Options/Flags
- -h, –help: Display help information
- -v, –version: Print version information
Examples
To translate the audit system call name open
to an error number:
$ audit_name_to_errno open
2
To translate the error number 2
to an audit system call name:
$ audit_name_to_errno -v 2
open 2
Common Issues
- Ensure that the audit system call name is spelled correctly.
- If the translation fails, the audit system call name may not be valid.
Integration
audit_name_to_errno can be used in conjunction with other commands to analyze audit logs. For example, to search for all failed open
system calls in an audit log:
ausearch -f | audit_name_to_errno open | grep -E "2$"
Related Commands
- ausearch: Search audit trails
- aureport: Generate human-readable audit reports