On Monday 25 August 2008 16:24:35 LC Bruzenak wrote:
> I think I just saw the answer in the audisp-prelude man page:
> ...
> -w /etc/shadow -p wa
> and you want idmef alerts on this, you need to add -k
> ids-file-med or something appropriate to signal to the plugin
> that this message is for it.
Yes, you'd add -k ids-file- and then one of: info, low, med, or high
depending on how severe you consider this access.
-Steve
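
An added example, not part of the original thread or of the audit project's code: a small checker that reads audit watch rules and reports which watched paths carry a key of the form described above (ids-file- followed by info, low, med, or high). The function names and the sample rules are constructed for illustration, and the exact-match pattern is an assumption based only on the wording of the reply.

```python
import re
import shlex

# Assumption: a qualifying key is exactly "ids-file-" plus one listed severity.
SEVERITIES = ("info", "low", "med", "high")
IDS_FILE_KEY = re.compile(r"^ids-file-(%s)$" % "|".join(SEVERITIES))

def parse_watch(line):
    """Return (path, keys) for a '-w' watch rule, or None for any other line."""
    tokens = shlex.split(line, comments=True)  # drops '#' comments
    path, keys = None, []
    it = iter(tokens)
    for tok in it:
        if tok == "-w":
            path = next(it, None)
        elif tok == "-k":
            keys.append(next(it, ""))
    return (path, keys) if path else None

def classify(rules_text):
    """Map each watched path to its ids-file severity, or None if no key fits."""
    result = {}
    for line in rules_text.splitlines():
        watch = parse_watch(line)
        if watch is None:
            continue
        path, keys = watch
        matches = [m.group(1) for m in map(IDS_FILE_KEY.match, keys) if m]
        result[path] = matches[0] if matches else None
    return result

# Constructed sample rules (not taken from any real system).
SAMPLE_RULES = """\
-w /etc/shadow -p wa
-w /etc/passwd -p wa -k ids-file-med
-w /etc/sudoers -p wa -k ids-file-
-w /etc/ssh/sshd_config -p wa -k sshd-config
-a always,exit -F arch=b64 -S execve -k exec-log
"""

if __name__ == "__main__":
    for path, sev in classify(SAMPLE_RULES).items():
        print(f"{path}: {sev or 'no ids-file-<severity> key'}")
```

Rules reported without a severity are the ones to revisit: either the key is missing, as in the /etc/shadow rule quoted above, or it lacks the severity suffix.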