ausearch message types
LC Bruzenak
lenny at magitekltd.com
Mon Oct 31 23:21:02 UTC 2016
I'm on the 2.4.5 version of the audit code.
Has anyone thought about or implemented a exclusionary message list,
such as:
ausearch -m ALL-avc,user_avc -ts today
I'd like to be able to search in this manner, where I exclude certain
message types.
I could write a patch, but if anyone has already done this I'd happily
use theirs.
The message type list is so long that it would be painful to have the
comma-delimited list of all but a couple.
Thx,
LCB
--
LC Bruzenak
magitekltd.com
More information about the Linux-audit
mailing list