Filter for audit.log
Steve Grubb
sgrubb at redhat.com
Tue Dec 22 19:13:18 UTC 2009
On Monday 21 December 2009 10:46:51 am corbin at arlut.utexas.edu wrote:
> Is there a way to get audit.log to filter messages from Splunk in RHEL 5
> server systems?
I really don't know what splunk is doing or why. Does it run with its own UID
or does it run as root? If it does have its own uid, then that might be used
for filtering. Aside from that, since its a commercial app, you might ask them
if they've tested it on a linux system with nispom audit rules and what they
would suggest.
-Steve
More information about the Linux-audit
mailing list