The auditctl man page specifies that you may specify multiple syscalls in a rule, but it doesn't show and I can't figure out the format for this.<br><br>Could someone please enlighten me?&nbsp; I am trying to audit all access to files (read, write, remove).&nbsp; I believe all I need to do is audit open, write, and rmdir in a single rule.&nbsp; I just can't figure out how to format it.
<br><br>Thanks,<br>-Mont<br><br>