questions about auditing on a new RH 6 box
Steve Grubb
sgrubb at redhat.com
Fri Jan 14 19:39:18 UTC 2011
On Friday, January 14, 2011 02:24:19 pm LC Bruzenak wrote:
> > Where can I read on how to classify events? I have been frustrated in
> > the past, because I was required to generate volumes of audit logs,
> > and I haven't had much success there.
>
> man auditctl
> look for the "-k key" section
I also give a write on using that in the audit.rules man page. See the NOTES section
in particular.
-Steve
More information about the Linux-audit
mailing list