excluding auditd events

Dominick Grift domg472 at gmail.com
Fri May 20 15:22:49 UTC 2011


On Fri, 2011-05-20 at 16:14 +0100, Mr Dash Four wrote:
> I am having difficulty in trying to exclude certain types of messages 
> for certain SELinux types from being reported to the auditd daemon.
> 
> In particular, I would like to exclude the following from being reported 
> (and thus filling up my audit logs unnecessarily):
> 
> msgtype={USER_ACCT|CRED_ACQ|USER_START|CRED_DISP|USER_END}
> obj_type=crond_t
> success=0

I do not know the answer to your question, but I suspect you will stand
a better chance of finding a good answer on the linux-audit list.

You can subscribe here:
https://www.redhat.com/mailman/listinfo/linux-audit

Note though that this list is moderated. So it may be a while before
your request for subscription is processed.
