Hi Team,

I have enabled the audit logs recently ... Currently the auditd daemon is logging all the event and syscalls done based on default rule set ...

But currently it only record the events done by the root user or by the sudo ...

Need your help to configure the same for Group wise ... so that i can track the group wise events done , rather then adding a rule for each individual users.

--

Thanks & Regards,

- Koresh