ausearch message types

LC Bruzenak lenny at magitekltd.com
Mon Oct 31 23:37:27 UTC 2016


On 10/31/2016 04:21 PM, LC Bruzenak wrote:
> I'm on the 2.4.5 version of the audit code.
> Has anyone thought about or implemented an exclusionary message list, 
> such as:
>
> ausearch -m ALL-avc,user_avc -ts today

Actually in this case I'm running the search from a script so I can 
easily take the stderr results from "ausearch -i -m help", pipe them 
into a sed substitution which removes the preceding text, removes the 
ones I don't want, and replaces the spaces with commas.
So for now I am set; still I think it would perhaps be helpful to have 
at some point.

-- 
LC Bruzenak
magitekltd.com
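
The workaround described in the message above, as an added example (not the poster's script, which was not posted to the list). The function name `build_type_list` is hypothetical and the listing in `SAMPLE_HELP` is constructed, assuming the help text is prose followed by space-separated upper-case type names. It filters tokens rather than using the sed substitution the post mentions, and it rejects a misspelled exclusion instead of silently leaving that type in the search.

```shell
#!/bin/sh
# Build a comma-separated list for "ausearch -m" that omits the named types.
# Reads the type listing (what "ausearch -i -m help" writes to stderr) on stdin.
build_type_list() {
    # Keep only tokens that look like type names; this drops the leading
    # prose and the ALL keyword, which would defeat the exclusion.
    types=$(tr -s ' \t' '\n\n' | grep -E '^[A-Z][A-Z0-9_]*$' | grep -vx 'ALL' || :)
    if [ -z "$types" ]; then
        echo "no message types found on stdin" >&2
        return 2
    fi
    for name in "$@"; do
        want=$(printf '%s' "$name" | tr '[:lower:]' '[:upper:]')
        # -x matches whole lines, so excluding AVC does not also drop USER_AVC.
        if ! printf '%s\n' "$types" | grep -qxF -e "$want"; then
            echo "unknown message type: $name" >&2
            return 1
        fi
        types=$(printf '%s\n' "$types" | grep -vxF -e "$want" || :)
    done
    printf '%s\n' "$types" | paste -sd, -
}

# Constructed sample of the listing (assumed format, shortened).
SAMPLE_HELP='Valid message types are: ALL USER_AUTH USER_AVC SYSCALL PATH AVC USER_LOGIN'

printf '%s\n' "$SAMPLE_HELP" | build_type_list avc user_avc

# Against a live system (stderr carries the listing, stdout is discarded):
#   list=$(ausearch -i -m help 2>&1 >/dev/null | build_type_list avc user_avc)
#   ausearch -i -m "$list" -ts today
```
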
