Excluding certain audit message types?
klausk at br.ibm.com
klausk at br.ibm.com
Fri Dec 7 18:14:38 UTC 2007
> Hello friendly audit people,
>
> I have a pretty simple question which I hope has a pretty simple answer.
Is
> it possible to exclude a specific audit message type from the audit log?
The
> auditctl man page looks like it might be possible using the syntax below
but
> I'm not sure ...
>
> # auditctl -a exclude,always -F msgtype=1415
>
yes, this is correct, but you may want to consider using the (usually more
meaningful) message type name instead:
# auditctl -a exclude,always -F msgtype=1112
or
# auditctl -a exclude,always -F msgtype=USER_LOGIN
Klaus
--
Klaus Heinrich Kiwi/Brazil/IBM <klausk at br.ibm.com>
Software Engineer
IBM STG, Linux Technology Center
Phone:(+55-19) 2132-1909 [T/L 839-1909]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20071207/40464807/attachment.htm>
More information about the Linux-audit
mailing list