On Wednesday 23 July 2008 18:30:45 LC Bruzenak wrote:
> So my questions are:
> 1: duplicate records above - expected or correct since there were two
> matches - the AVC and also the command?

You'd have to look at the logs to figure that out. ausearch doesn't buffer
events past one miscompare.

> 2: why is ausearch producing the AVCs?

Maybe you need to be secadmin or auditadmin?

-Steve