Way too many logs!
Steve Grubb
sgrubb at redhat.com
Fri May 9 20:43:38 UTC 2008
On Friday 09 May 2008 16:20:44 Jeremy Leonard wrote:
> How can I exclude this so it doesn't get logged?
>
> The rules I have above are required by the government. DIACAP STIG
Do you need to log all changes to the scheduler? Or just the changes caused by
users? If the latter, you can cut back your events like this:
-a exit,always -S sched_setparam -S sched_setscheduler -F auid>=500 -k RULE7
-Steve
More information about the Linux-audit
mailing list