watches on rotated files, was (no subject)
Steve Grubb
sgrubb at redhat.com
Thu May 24 14:22:48 UTC 2007
On Thursday 24 May 2007 10:03, Kirkwood, David A. wrote:
> How do I place a watch on files that are being rotated?
I suspect the files have to exist to place a watch on them. You can just touch
them to create them empty. ausearch/aureport probably doesn't care. We are
working on a directive to allow auditing a directory and its whole subtree
for RHEL5 and 2.6.23. Al should be posting the code for review rsn.
-Steve
More information about the Linux-audit
mailing list