
Re: Filter



On Wednesday, August 04, 2010 06:25:59 am List Quest wrote:
> I need to filter logs by terminal name (if tty/terminal equals none, write to
> audit.log).
> 
> Example: -a entry,always -S execve -F tty!=none
> 
> But there is no tty in the filter parameter list. How can I do this?

The kernel does not filter on tty because it is a text string and not a number.
So, all events would get recorded. You would then run a search against the
logs to find the records you want.

That's the way it is unless someone submits patches. ;)

-Steve 
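
An added example, not part of the original message or of the audit project's code: one way to do the post-hoc search described above, keeping only execve SYSCALL records whose tty field is not `(none)`. The sample records are constructed, and syscall number 59 (execve on x86_64) and the function names are assumptions.

```python
import re

# Constructed sample records in audit.log layout (not taken from the thread).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1280917559.123:101): arch=c000003e syscall=59 success=yes exit=0 ppid=2100 pid=2101 auid=500 uid=500 tty=pts0 ses=1 comm="ls" exe="/bin/ls" key=(null)
type=EXECVE msg=audit(1280917559.123:101): argc=2 a0="ls" a1="-l"
type=SYSCALL msg=audit(1280917560.456:102): arch=c000003e syscall=59 success=yes exit=0 ppid=1 pid=2200 auid=4294967295 uid=0 tty=(none) ses=4294967295 comm="run-parts" exe="/usr/bin/run-parts" key=(null)
type=SYSCALL msg=audit(1280917561.789:103): arch=c000003e syscall=2 success=yes exit=3 ppid=2100 pid=2102 auid=500 uid=500 tty=pts0 ses=1 comm="cat" exe="/bin/cat" key=(null)
type=SYSCALL msg=audit(1280917562.001:104): arch=c000003e syscall=59 success=yes exit=0 ppid=2100 pid=2103 auid=500 uid=500 tty=tty1 ses=2 comm="vim" exe="/usr/bin/vim" key=(null)
"""

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')   # value is quoted or a bare token
EXECVE_NR = "59"  # assumption: execve syscall number on x86_64

def parse_record(line):
    """Split one audit record into a dict; return None if it is not a record."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec_type, ts, serial, body = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
    fields.update(type=rec_type, time=float(ts), serial=int(serial))
    return fields

def execve_with_tty(log_text, syscall_nr=EXECVE_NR):
    """Return SYSCALL records for execve that ran on a real terminal."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["type"] != "SYSCALL":
            continue                      # skip EXECVE, PATH, malformed lines
        if rec.get("syscall") != syscall_nr:
            continue                      # some other syscall
        if rec.get("tty", "(none)") == "(none)":
            continue                      # no controlling terminal (daemons, cron)
        hits.append(rec)
    return hits

if __name__ == "__main__":
    for r in execve_with_tty(SAMPLE_LOG):
        print(r["serial"], r["tty"], r["exe"])
```

On a host with the audit userspace tools, `ausearch` can also match a specific terminal with its `--terminal` (`-tm`) option.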

