>>> Is there any kind of identifier that ties events to rules?
>> Which kernel are you using? Are your events only watches or do you care
>> about syscall auditing as well (meaning you have set some syscall audit
>> rules)?
> kernel-2.6.16-1.2212.2.8_FC6.lspp.34.i686 on Fedora Core 5
> At the moment they are only watches,
OK, the lspp series (so far) does not support the idea of a "key tag" as RHEL4
did.
So, assuming I installed RHEL4, would this "key tag" allow all events to
be tied to rules, or just the file watch events?