Re: Implementing audit rules (/etc/audit/audit.rules) effectively