questions about auditing on a new RH 6 box

Tangren, Bill bill.tangren at usno.navy.mil
Fri Jan 14 19:27:37 UTC 2011



-----Original Message-----
From: LC Bruzenak [mailto:lenny at magitekltd.com] 
Sent: Friday, January 14, 2011 2:24 PM
To: Tangren, Bill
Cc: linux-audit at redhat.com
Subject: RE: questions about auditing on a new RH 6 box

On Fri, 2011-01-14 at 19:07 +0000, Tangren, Bill wrote:
> 
> Where can I read on how to classify events? I have been frustrated in
> the past, because I was required to generate volumes of audit logs,
> and I haven't had much success there. 

man auditctl 
look for the "-k key" section

LCB


OK, thanks. I'll read that.



