I'm new to auditd, and have been assign to come up with a "best practice" standard for the deployment and audit settings for Linux servers using auditd,  Other then the man pages does anyone have any suggestions for "best practices", books or training courses that would help me get a better understanding of auditd and its syntax?

Any help would be most appreciated, thanks...  

Larry E. Erdahl
Information Security Services
Computer Security Incident Response Team (CSIRT)
1 Meridian Crossing
Richfield, MN 55423
Mail Code: EP-MN-MS6I
Office Phone: (612)973-7153

U.S. BANCORP made the following annotations
---------------------------------------------------------------------
Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation.


---------------------------------------------------------------------