[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Setting up rules for af_unix plugin



Hello all,
I know this is a very simple question but i cannot find an answer in the documentation. I have written a parser for the audit system where I am taking events from the af_unix built in plugin through a socket and I am using those events for system monitoring and passing them off to my own storage/processing code etc. All this is done already. The question I have is can I setup audit rules for the af_unix plugin alone. I want to monitor a set of system calls but I do not want those system call events clogging up the log file unnecessaraily and only want them to be passed to the af_unix plugin only. Is there a way to do this? Right now I just set up the rules using auditctl and thus they end up in the log file as well.
Thanks,
Basim Baig
SRI International

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]