[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: ausearch message types



On 10/31/2016 04:21 PM, LC Bruzenak wrote:
I'm on the 2.4.5 version of the audit code.
Has anyone thought about or implemented a exclusionary message list, such as:

ausearch -m ALL-avc,user_avc -ts today

Actually in this case I'm running the search from a script so I can easily take the stderr results from "ausearch -i -m help", pipe them into a sed substitution which removes the preceding text, removes the ones I don't want, and replaces the spaces with commas. So for now I am set; still I think it would perhaps be helpful to have at some point.

--
LC Bruzenak
magitekltd.com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]