Monitoring events

Steve m6x at ornl.gov
Thu Jun 8 14:57:28 UTC 2006


>>>> Is there any kind of identifier that ties events to rules?
>>> Which kernel are you using? Are your events only watches or do you care
>>> about syscall auditing as well (meaning you have set some syscall audit
>>> rules)?
>> kernel-2.6.16-1.2212.2.8_FC6.lspp.34.i686 on Fedora Core 5
>> At the moment they are only watches,
> OK, the lspp series (so far) does not support the idea of a "key tag" as RHEL4 
> did.

So, assuming I installed RHEL4, would this "key tag" allow all events to 
be tied to rules, or just the file watch events?




More information about the Linux-audit mailing list