Re: Monitoring events
On Thursday 08 June 2006 10:57, Steve wrote:
So, assuming I installed RHEL4, would this "key tag" allow
all events to
be tied to rules, or just the file watch events?
There has been some talk about adding the "key" to LSPP kernels. So this might
be available eventually. (You are testing against a kernel that is under
development and not feature complate.)
RHEL4 on the otherhand has an older audit system. I have not backported the
audit dispatcher interface to the 1.0.X series. It shouldn't be difficult and
might be something I do for 1.0.15.
-Steve