Re: filter specific file from specific program

2011-12-02 Thread Lance Dillon
- Original Message
> From: Steve Grubb
> To: linux-audit@redhat.com
> Cc: Lance Dillon
> Sent: Fri, December 2, 2011 10:04:15 AM
> Subject: Re: filter specific file from specific program
>
> On Tuesday, November 29, 2011 03:38:43 PM Lance Dillon wrote:
> > I have a need to filter a

Re: filter specific file from specific program

2011-12-02 Thread Steve Grubb
On Tuesday, November 29, 2011 03:38:43 PM Lance Dillon wrote:
> I have a need to filter a file from auditing, but only from a specific
> process. We are running splunk, and indexing /var/log/audit/audit.log. We
> want audit.log to be monitored, so we are using a dir watch on
> /var/log/audit, but

Re: help- auditing sys admin commands

2011-12-02 Thread Steve Grubb
On Thursday, December 01, 2011 10:12:48 PM MS PRAVEEN wrote:
> Can somebody help me here to find a rule/solution to audit only commands
> are its arguments executed by users and root. I don't need any more other
> events audited since that can fill my free space.

Well, the problem is how can