File: //usr/share/systemtap/examples/process/auditbt.stp
#!/usr/bin/stap
# Copyright (C) 2012 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# If suspecting particular processes triggering audit records,
# reinvoke with stap -d /bin/program -d /lib/library --ldd
probe kernel.function("audit_log_end") {
message_address = $ab->skb->head + 16; // audit data follows struct nlmsghdr
message = kernel_string(message_address)
printf("%s[%d] %s\n", execname(), tid(), message);
print_ubacktrace();
}