audit file creation/deletion
Richard Maciel
rmaciel at linux.vnet.ibm.com
Mon May 10 13:36:06 UTC 2010
Is it possible to audit only the events of creation and deletion of files?
I know that I can use a watch rule with a write filter to check if a
file or directory is being created/delete, but this rule also generates
audit entries when a file (inside the directory being tracked) is
modified. Is there a way to prevent this?
Best Regards,
--
Richard Maciel, MSc
IBM Linux Technology Center
rmaciel at linux.vnet.ibm.com
More information about the Linux-audit
mailing list