[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Monitoring events



I have the program adding rules to Audit now.  Thank you for your help.

I also have my program monitoring the output from auditd (via the dispatch option in auditd.conf).

Ideally, I would like to only capture (or parse) events pertaining to rules I have created (since other system processes are using auditd as well). Is there's any kind of identifier that ties events to rules?

Thank you again,
Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]