Way too many logs!

[Steve Grubb]

On Friday 09 May 2008 16:20:44 Jeremy Leonard wrote:
> How can I exclude this so it doesn't get logged?
>
> The rules I have above are required by the government. DIACAP STIG

Do you need to log all changes to the scheduler? Or just the changes caused by 
users? If the latter, you can cut back your events like this:

-a exit,always -S sched_setparam -S sched_setscheduler -F auid>=500 -k RULE7


-Steve