Setting up rules for af_unix plugin

Basim Baig basimbaig at gmail.com
Mon Oct 18 22:11:34 UTC 2010


Hello all,
I know this is a very simple question but I cannot find an answer in the
documentation. I have written a parser for the audit system where I am
taking events from the af_unix built-in plugin through a socket and I am
using those events for system monitoring and passing them off to my own
storage/processing code etc. All this is done already. The question I have
is: can I set up audit rules for the af_unix plugin alone? I want to monitor a
set of system calls but I do not want those system call events clogging up
the log file unnecessarily and only want them to be passed to the af_unix
plugin only. Is there a way to do this? Right now I just set up the rules
using auditctl and thus they end up in the log file as well.
Thanks,
Basim Baig
SRI International