AuditctlStatus - Report auditd status

class insights.parsers.auditctl_status.AuditctlStatus(context)[source]

Bases: LegacyItemAccess, CommandParser

Warning

This parser is deprecated, please use insights.parsers.auditctl.AuditdStatus instead.

Module for parsing the output of the auditctl -s command.

Typical output on RHEL6 looks like:

AUDIT_STATUS: enabled=1 flag=1 pid=1483 rate_limit=0 backlog_limit=8192 lost=3 backlog=0

, while on RHEL7 the output changes to:

enabled 1
failure 1
pid 947
rate_limit 0
backlog_limit 320
lost 0
backlog 0
loginuid_immutable 0 unlocked

Example

>>> type(auds)
<class 'insights.parsers.auditctl_status.AuditctlStatus'>
>>> "enabled" in auds
True
>>> auds['enabled']
1
parse_content(content)[source]

This method must be implemented by classes based on this class.