user audits

[LC Bruzenak]

Steve,

Would there be any issue with adding a couple new trusted_application
event types? Would any kernel mods be needed to support this?

The reason I ask is because I'd like to process some event types
differently on the back end (the aggregator) and if I could easily
identify those types it would make life easier.

Some trusted_application events are for recording "bad" security issues,
some for "good", etc. and I'd like to easily differentiate those. 

I can put something inside the event text but if possible would prefer a
couple different types, like trusted_app1, trusted_app2, etc.

Thx,
LCB

-- 
LC (Lenny) Bruzenak
lenny at magitekltd.com