creating and inserting audits
Steve Grubb
sgrubb at redhat.com
Tue Sep 7 21:17:23 UTC 2010
On Tuesday, September 07, 2010 05:02:21 pm LC Bruzenak wrote:
> > Is it a bad idea to build and then to insert a custom audit/message,
> > or any standard audit, into the audit.log file?
>
> Nope.
To make sure we don't give conflicting advice, I was thinking he meant writing
directly to the file (which you should not do). Events must be sent to the
kernel. But you are free to make your own audit events as long as you mimic
the existing events.
-Steve
More information about the Linux-audit
mailing list