questions about auditing on a new RH 6 box
Tangren, Bill
bill.tangren at usno.navy.mil
Fri Jan 14 19:27:37 UTC 2011
-----Original Message-----
From: LC Bruzenak [mailto:lenny at magitekltd.com]
Sent: Friday, January 14, 2011 2:24 PM
To: Tangren, Bill
Cc: linux-audit at redhat.com
Subject: RE: questions about auditing on a new RH 6 box
On Fri, 2011-01-14 at 19:07 +0000, Tangren, Bill wrote:
>
> Where can I read on how to classify events? I have been frustrated in
> the past, because I was required to generate volumes of audit logs,
> and I haven't had much success there.
man auditctl
look for the "-k key" section
LCB
OK, thanks. I'll read that.
More information about the Linux-audit
mailing list