Set audisp plugin filters

Eytan Naim eytan.naim at imperva.com
Wed Apr 12 08:28:02 UTC 2017


Hi,

I am currently developing an audisp plugin that should be as effective as possible.
Therefore, I want to set my own set of filtering rules (2-3 syscalls) and I don't want to get any other audit events from audisp itself. I assumed it is possible to set my own plugin rules, but I couldn't find it in the audit documentation (Linux Audit API) or in any other audisp plugin examples. Is it even possible?
If not, is it possible to run an auditd of my own in parallel with the original auditd? I assume each auditd can define its own set of audit rules. Am I right?

Thanks in advance,

Eytan Naim | SW Engineer
