[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Excluding certain audit message types?



On Friday 07 December 2007 1:14:38 pm klausk br ibm com wrote:
> > Hello friendly audit people,
> >
> > I have a pretty simple question which I hope has a pretty simple answer.
> > Is it possible to exclude a specific audit message type from the audit
> > log?  The auditctl man page looks like it might be possible using the
> > syntax below but I'm not sure ...
> >
> >  # auditctl -a exclude,always -F msgtype=1415
>
> yes, this is correct, but you may want to consider using the (usually more
> meaningful) message type name instead:
>
> # auditctl -a exclude,always -F msgtype=1112
> or
> # auditctl -a exclude,always -F msgtype=USER_LOGIN

Great, thanks for the tip.

BTW, what is the linux-audit-bounces list?  Some majordomo magic?

-- 
paul moore
linux security @ hp


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]