[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: questions about auditing on a new RH 6 box




-----Original Message-----
From: Steve Grubb [mailto:sgrubb redhat com] 
Sent: Friday, January 14, 2011 1:59 PM
To: linux-audit redhat com; Tangren, Bill
Subject: Re: questions about auditing on a new RH 6 box

On Friday, January 14, 2011 12:35:06 pm LC Bruzenak wrote:
> Probably can use a sampling of events as well.

Since keys are not being used to classify events (hint hint) the best you can do is 
run something like this:

aureport --start today --summary --syscall -i

-Steve

******************
Where can I read on how to classify events? I have been frustrated in the past, because I was required to generate volumes of audit logs, and I haven't had much success there.


Thanks everyone for all of your help. I really appreciate it.

Bill


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]