On Wed, 15 Mar 2006, Steve Grubb wrote:
On Wednesday 15 March 2006 15:33, Amy Griffis wrote:
> Why can't a user just disable syscall auditing if they aren't
> interested in adding rules?
because then the avc messages go to syslog.
hmmm, couldn't auditd keep track of the number of rules and enable or
disable syscall auditing as appropriate?
-Jason