hi, Yes you can use the option "-S all". but in more detail just refer the attachment file. or u can replace your audit rule file. This file is only for i386 machine. On Wed, Jun 23, 2010 at 4:58 PM, List Quest <listquest(a)gmail.com&gt; wrote: > Hi; > > Thank you very much. I see all list, very good. > > I think "-S all" use, for all system activity; but this is absurd? And, > this is load to system? > > Best Regards > > > > > On Wed, Jun 23, 2010 at 2:16 PM, Ashok Kumar J < > ashok.jagathesan(a)gmail.com&gt; wrote: > >> issue the command ausyscall --dump. This will give you architecture >> specific system calls. >> >> On Wed, Jun 23, 2010 at 4:39 PM, List Quest <listquest(a)gmail.com&gt; wrote: >> >>> Hi; >>> >>> Where find the ALL RHEL 5.x syscall names/lists, fro use auditctl with >>> -S parameter? >>> >>> I found this URL, but maybe short? >>> http://osinside.net/syscall/system_call_table.htm >>> >>> >>> Thanks >>> Best Regards >>> >>> -- >>> Linux-audit mailing list >>> Linux-audit(a)redhat.com >>> https://www.redhat.com/mailman/listinfo/linux-audit >>> >> >> >> >> -- >> with regards >> >> Ashok Kumar J >> >> > -- with regards Ashok Kumar J