RE: questions about auditing on a new RH 6 box
On Fri, 2011-01-14 at 19:07 +0000, Tangren, Bill wrote:
Where can I read on how to classify events? I have been frustrated in
the past, because I was required to generate volumes of audit logs,
and I haven't had much success there.
man auditctl
look for the "-k key" section
LCB