Excluding certain audit message types?
Hello friendly audit people,
I have a pretty simple question which I hope has a pretty simple answer. Is
it possible to exclude a specific audit message type from the audit log? The
auditctl man page looks like it might be possible using the syntax below but
I'm not sure ...
# auditctl -a exclude,always -F msgtype=1415
--
paul moore
linux security @ hp