Hello, we have installed Splunk in order to monitor the audit.log files of
several systems. However, our audit.log files are turning over quicker
than usual since Splunk seems to spam our audit.log file with entries.
Is there a way to get audit.log to filter messages from Splunk in RHEL 5
server systems?
Thanks in advance!
Starr