audit_name_to_fstype - Linux


audit_name_to_fstype is a Linux command used to determine the file system type associated with a given audit filesystem mountpoint. It plays a crucial role in handling file system events in audit logs, ensuring the accurate categorization and analysis of security-related activities.


audit_name_to_fstype mountpoint


This command has no options or flags.


Simple example:

audit_name_to_fstype /

Obtaining file system type of a specific mountpoint:

audit_name_to_fstype /tmp/new_mount

Common Issues

Invalid mountpoint:
If the specified mountpoint does not exist or is not recognized, audit_name_to_fstype will return an error. Verify the existence and validity of the mountpoint before using this command.


Combining with findmnt:

findmnt -n / | while read mountpoint; do audit_name_to_fstype $mountpoint; done

This command chain iteratively queries the file system type of all mounted file systems under /.

Related Commands

  • auditctl: Configures and manages audit rules.
  • ausearch: Searches audit logs.
  • audita2allow: Converts audit rules into SELinux policy.