
Re: Filter for audit.log



On Monday 21 December 2009 10:46:51 am corbin arlut utexas edu wrote:
> Is there a way to get audit.log to filter messages from Splunk in RHEL 5
> server systems?

I really don't know what Splunk is doing or why. Does it run with its own UID 
or does it run as root? If it does have its own UID, then that might be used 
for filtering. Aside from that, since it's a commercial app, you might ask them 
if they've tested it on a Linux system with NISPOM audit rules and what they 
would suggest.

-Steve
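
An added example, not part of the original message: one way to answer the UID question above from audit.log itself is to tally SYSCALL records per (uid, exe) and check whether the program's UID is shared with anything else. The sample records, uid 501 and the executable paths are constructed for illustration, and the helper names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample records in audit.log layout; uid 501 and the paths are
# assumptions for illustration, not values from the thread.
SAMPLE = """\
type=SYSCALL msg=audit(1261413411.101:900): arch=c000003e syscall=2 success=yes exit=3 items=1 ppid=1 pid=2345 auid=4294967295 uid=501 gid=501 euid=501 comm="splunkd" exe="/opt/splunk/bin/splunkd" key="open"
type=PATH msg=audit(1261413411.101:900): item=0 name="/var/log/messages" inode=1234 dev=fd:00 mode=0100600 ouid=0 ogid=0
type=SYSCALL msg=audit(1261413411.207:901): arch=c000003e syscall=2 success=yes exit=4 items=1 ppid=1 pid=2345 auid=4294967295 uid=501 gid=501 euid=501 comm="splunkd" exe="/opt/splunk/bin/splunkd" key="open"
type=SYSCALL msg=audit(1261413412.015:902): arch=c000003e syscall=2 success=no exit=-13 items=1 ppid=1 pid=2345 auid=4294967295 uid=501 gid=501 euid=501 comm="splunkd" exe="/opt/splunk/bin/splunkd" key="open"
type=SYSCALL msg=audit(1261413413.442:903): arch=c000003e syscall=2 success=yes exit=5 items=1 ppid=1 pid=1800 auid=4294967295 uid=0 gid=0 euid=0 comm="sshd" exe="/usr/sbin/sshd" key="open"
"""

# key=value pairs; values are either double-quoted or run to the next space.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Split one audit.log line into a dict of its key=value fields."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def tally_by_uid_exe(lines, record_type="SYSCALL"):
    """Count records of one type per (uid, exe); other record types are skipped."""
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec.get("type") != record_type or "uid" not in rec:
            continue
        counts[(rec["uid"], rec.get("exe", "?"))] += 1
    return counts

def uids_for_exe(counts, needle):
    """UIDs under which an executable whose path contains `needle` was seen."""
    return sorted({uid for (uid, exe) in counts if needle in exe})

def shared_uids(counts, needle):
    """Those UIDs that other executables also use; a uid filter would hide them too."""
    others = {uid for (uid, exe) in counts if needle not in exe}
    return [uid for uid in uids_for_exe(counts, needle) if uid in others]

if __name__ == "__main__":
    counts = tally_by_uid_exe(SAMPLE.splitlines())
    for (uid, exe), n in counts.most_common():
        print(f"{n:6d}  uid={uid:<6} {exe}")
    print("uids:", uids_for_exe(counts, "splunk"), "shared:", shared_uids(counts, "splunk"))
```

An empty "shared" list means the program has a UID of its own; a non-empty one (for example when it runs as root) means a filter on that UID would also drop records from the other programs listed.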

