Monitoring events

Steve m6x at ornl.gov
Thu Jun 8 13:55:15 UTC 2006


I have the program adding rules to Audit now.  Thank you for your help.

I also have my program monitoring the output from auditd (via the 
dispatch option in auditd.conf).

Ideally, I would like to only capture (or parse) events pertaining to 
rules I have created (since other system processes are using auditd as 
well).  Is there any kind of identifier that ties events to rules?

Thank you again,
Steve



