Excluding certain audit message types?
Paul Moore
paul.moore at hp.com
Fri Dec 7 18:51:55 UTC 2007
On Friday 07 December 2007 1:14:38 pm klausk at br.ibm.com wrote:
> > Hello friendly audit people,
> >
> > I have a pretty simple question which I hope has a pretty simple answer.
> > Is it possible to exclude a specific audit message type from the audit
> > log? The auditctl man page looks like it might be possible using the
> > syntax below but I'm not sure ...
> >
> > # auditctl -a exclude,always -F msgtype=1415
>
> yes, this is correct, but you may want to consider using the (usually more
> meaningful) message type name instead:
>
> # auditctl -a exclude,always -F msgtype=1112
> or
> # auditctl -a exclude,always -F msgtype=USER_LOGIN
Great, thanks for the tip.
BTW, what is the linux-audit-bounces list? Some majordomo magic?
--
paul moore
linux security @ hp
More information about the Linux-audit
mailing list