auditctl usage for filter lists: "user" , "watch" and "exclude"

Steve Grubb sgrubb at redhat.com
Thu May 18 16:16:20 UTC 2006


On Thursday 18 May 2006 12:04, Michael C Thompson wrote:
> So then it should be safe to say that having two -F msgtype=... is an
> invalid construct for a rule? Since messages have only 1 type?

Only if they are using the '=' operator. Other operators might be valid to 
have multiple -F msgtype.

-Steve
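
Added example, not part of the original post or of the audit project's code: a small lint that reads the numeric -F msgtype fields of one rule line and reports whether any single message type can satisfy all of them. It assumes the fields of a rule are ANDed together, as the auditctl man page describes, and does not check which operators a particular kernel accepts for msgtype; the function names and sample rules are constructed for illustration.

```python
import re
import shlex

# Comparison operators modelled here; symbolic type names are not resolved.
FIELD = re.compile(r"^msgtype(!=|<=|>=|=|<|>)(\d+)$")
U32_MAX = 2**32 - 1  # the record type is an unsigned 32-bit value


def msgtype_fields(rule):
    """Return [(op, value)] for every numeric -F msgtype field in a rule line."""
    tokens = shlex.split(rule)
    fields = []
    for flag, arg in zip(tokens, tokens[1:]):
        m = FIELD.match(arg) if flag == "-F" else None
        if m:
            fields.append((m.group(1), int(m.group(2))))
    return fields


def can_match(fields):
    """True if at least one message type satisfies every field (AND semantics)."""
    lo, hi, excluded = 0, U32_MAX, set()
    for op, v in fields:
        if op == "=":
            lo, hi = max(lo, v), min(hi, v)
        elif op == ">=":
            lo = max(lo, v)
        elif op == ">":
            lo = max(lo, v + 1)
        elif op == "<=":
            hi = min(hi, v)
        elif op == "<":
            hi = min(hi, v - 1)
        else:  # "!="
            excluded.add(v)
    if lo > hi:
        return False
    blocked = sum(1 for v in excluded if lo <= v <= hi)
    return hi - lo + 1 > blocked


# Constructed sample rules: two different '=' values, then a range.
DEAD_RULE = "-a exclude,always -F msgtype=1100 -F msgtype=1112"
RANGE_RULE = "-a exclude,always -F 'msgtype>=1100' -F 'msgtype<=1199'"

if __name__ == "__main__":
    for rule in (DEAD_RULE, RANGE_RULE):
        print(can_match(msgtype_fields(rule)), rule)
```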



