On 10/31/2016 04:21 PM, LC Bruzenak wrote:
I'm on the 2.4.5 version of the audit code.
Has anyone thought about or implemented an exclusionary message list,
such as:
ausearch -m ALL-avc,user_avc -ts today
Actually in this case I'm running the search from a script so I can
easily take the stderr results from "ausearch -i -m help", pipe them
into a sed substitution which removes the preceding text, removes the
ones I don't want, and replaces the spaces with commas.
So for now I am set; still I think it would perhaps be helpful to have
at some point.
--
LC Bruzenak
magitekltd.com
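
The workaround described in the message, sketched as an added example (not the poster's script): it takes the type listing that "ausearch -i -m help" writes to stderr, drops the preceding text and the unwanted types, and joins the rest with commas. The function name build_type_list, the sample text, the "prefix ending in a colon, then space-separated upper-case names" layout, and the choice to drop ALL as well are assumptions.

```shell
#!/bin/sh
# Added example: build an "everything except ..." list for ausearch -m.
# Assumption: the listing is a text prefix ending in a colon, followed by
# space-separated upper-case type names.

# build_type_list EXCLUDE...
#   stdin : the type listing
#   stdout: comma-separated type names without the excluded ones
build_type_list() {
    # One excluded name per line, upper-cased. ALL is always excluded here
    # (assumption: leaving it in would select every type again).
    excl=$(printf '%s\n' ALL "$@" | tr '[:lower:]' '[:upper:]')

    sed -e 's/^.*: *//' |                       # remove the preceding text
    tr -s ' \t' '\n\n' |                        # one token per line
    LC_ALL=C grep -E '^[A-Z][A-Z0-9_]*$' |      # keep only type-like tokens
    grep -v -x -F -e "$excl" |                  # drop exact matches only
    paste -s -d, -                              # spaces become commas
}

# Constructed sample listing (not captured from a real system).
SAMPLE_HELP='Valid message types are: ALL USER LOGIN AVC USER_AVC SYSCALL'

printf '%s\n' "$SAMPLE_HELP" | build_type_list avc user_avc

# On a host with the audit tools installed, the same function would be fed
# from stderr of the help call and the result passed back to -m:
#   types=$(ausearch -i -m help 2>&1 >/dev/null | build_type_list avc user_avc)
#   ausearch -m "$types" -ts today
```

Matching is on whole names, so excluding AVC does not also remove USER_AVC unless it is listed.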