On Friday, January 14, 2011 02:24:19 pm LC Bruzenak wrote:
> Where can I read on how to classify events? I have been frustrated in
> the past, because I was required to generate volumes of audit logs,
> and I haven't had much success there.
man auditctl
look for the "-k key" section
I also give a write-up on using that in the audit.rules man page. See the NOTES section
in particular.
-Steve