no logging of successful events?
Steve Grubb
sgrubb at redhat.com
Mon Aug 18 19:18:34 UTC 2008
On Monday 18 August 2008 15:09:34 Brian LaMere wrote:
> So...why is it that "LIST_RULES: exit,always success!=0 syscall=open"
> doesn't disregard the successful calls?
Because that means log the successful calls. If you only want the unsuccessful
calls, I'd suggest success = 0. Its easy to confuse the success field with
exits codes which return 0 for success. This question pops up every now and
again. :)
-Steve
More information about the Linux-audit
mailing list