On Friday 21 April 2006 17:22, [EMAIL PROTECTED] wrote:
> which implies to me that I can blat a bit over 128K to the audit log per
> syscall.

Users can do this already. Maybe not as quickly, but they can certainly fill 
up your logs if they feel like it. If you do not want this message type in  
your logs, then use this in your audit rules:

-a always,exclude -F msgtype=EXECVE

Problem Solved (tm).

-Steve

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
