Monitoring events
Steve
m6x at ornl.gov
Thu Jun 8 13:55:15 UTC 2006
I have the program adding rules to Audit now. Thank you for your help.
I also have my program monitoring the output from auditd (via the
dispatch option in auditd.conf).
Ideally, I would like to only capture (or parse) events pertaining to
rules I have created (since other system processes are using auditd as
well). Is there any kind of identifier that ties events to rules?
Thank you again,
Steve
More information about the Linux-audit mailing list