On Thursday, December 22, 2011 04:19:34 PM Bryan Jacobs wrote:
I am attempting to create a rule that will audit privileged
commands for UIDs greater than 500 but ignore one particular user that
falls under this rule. The user I am trying to ignore is the only user
that should be touching the file.
Below is the rule.
#### BEGIN RULE SNIP ####
## Ensure auditd Collects Information on the Use of Privileged Commands
-a always,exit -F path=/opt/varonis1.6.0106/bin/ls -F perm=x -F auid>=500 -F auid!=4294967295 -F auid!=505 -k privileged
#### END RULE SNIP ####
Is the rule syntax above correct?
This looks correct to me.
-Steve
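To see why the rule behaves as Bryan intends, here is an added example (not part of the thread and not auditd's own code) that parses the rule's -F tests and applies them to constructed events the way the kernel filter does: every -F test is ANDed, so the two auid!= tests carve exceptions out of auid>=500, and 4294967295 is the "unset" auid of daemons that never logged in. The event dict, the AND-only semantics and the numeric treatment of auid are simplifying assumptions of this example.

```python
import operator

# Constructed example: the rule from the thread written as one audit.rules line
# (auditctl reads one rule per line; the e-mail wrapped it).
RULE = ("-a always,exit -F path=/opt/varonis1.6.0106/bin/ls -F perm=x "
        "-F auid>=500 -F auid!=4294967295 -F auid!=505 -k privileged")

# Two-character operators first so "!=" and ">=" are not split at "=" or ">".
_OPS = [("!=", operator.ne), (">=", operator.ge), ("<=", operator.le),
        (">", operator.gt), ("<", operator.lt), ("=", operator.eq)]

def parse_field(expr):
    """Split one -F expression such as 'auid>=500' into (name, op, value)."""
    for op, _ in _OPS:
        if op in expr:
            name, value = expr.split(op, 1)
            return name, op, value
    raise ValueError("unrecognised field expression: %s" % expr)

def parse_rule(rule):
    """Return the list of -F field tests and the -k key of a syscall rule."""
    tokens = rule.split()
    fields, key = [], None
    for i, tok in enumerate(tokens):
        if tok == "-F":
            fields.append(parse_field(tokens[i + 1]))
        elif tok == "-k":
            key = tokens[i + 1]
    return fields, key

def matches(rule, event):
    """Return the rule's key if every -F test holds for the event, else None.

    event is a dict keyed by the same names the rule uses (path, perm, auid).
    All -F tests are ANDed (assumption of this model): auid>=500 selects
    ordinary users, then auid!=4294967295 drops the unset auid and
    auid!=505 drops the one user allowed to touch the file.
    """
    fields, key = parse_rule(rule)
    for name, op, value in fields:
        actual = event.get(name)
        if actual is None:
            return None
        compare = dict(_OPS)[op]
        if name == "auid":  # numeric field; 4294967295 is the unset auid
            if not compare(int(actual), int(value)):
                return None
        elif not compare(str(actual), value):  # path, perm: string tests
            return None
    return key
```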