filtering on inode ouid
Apologies if this is the wrong list:
Is it possible to filter on what shows up in the audit logs as the ouid of
an inode being accessed?
Alternatively, if I'm only interested in inodes of a particular ouid (or
more specifically, accesses to an inode of a particular ouid from a process
with a different uid), is my best bet doing post-audit filtering?
cheers,
peter
Attachments:
- attachment.html (text/html — 523 bytes)