
Re: filtering by auid



David Woodhouse wrote:


auditctl -a user,never -F loginuid!=$LOGINUID
auditctl -a user,always -F loginuid=$LOGINUID


The way you mentioned is for User messages filtering on auid. I see in the man pages for auditctl there is a watch list as well. Can I safely assume that the method below should filter on loginuid for watches?


auditctl -a watch,never -F auid=$LOGINUID
auditctl -a watch,always -F auid=$LOGINUID



Thanks
- Loulwa


