Excluding events by command

Laura Martín hoshi.utsuku at gmail.com
Tue Sep 18 17:29:44 UTC 2012


Hi!

Thanks in advance for the replies. I want to exclude all audit entries for
cron executions.

The line I've pasted here was an example.

Thanks!

Laura
On 18/09/2012 18:50, "Laura Martín" <hoshi.utsuku at gmail.com> wrote:

> Hi all,
>
> I'm trying to exclude cron events from audit logging. I can't see how I can
> exclude only this kind of entry:
>
>
> ----
> time->Mon Sep 17 11:00:01 2012
> type=PATH msg=audit(1347872401.521:5212): item=0
> name="/etc/pam.d/system-auth" inode=33635 dev=fd:00 mode=0100644 ouid=0
> ogid=0 rdev=00:00
> type=CWD msg=audit(1347872401.521:5212):  cwd="/var/spool"
> type=SYSCALL msg=audit(1347872401.521:5212): arch=c000003e syscall=2
> success=yes exit=5 a0=2b5b7b627300 a1=0 a2=1b6 a3=0 items=1 ppid=11640
> pid=1965 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 tty=(none) ses=4294967295 comm="crond" exe="/usr/sbin/crond"
> key=(null)
> ----
>
> I didn't see any option to exclude events by 'exe' or 'comm' field.
>
> Any hints?
>
> Thanks in advance, Laura
>
>


More information about the Linux-audit mailing list