Steve Grubb wrote:
On Thursday 18 May 2006 12:04, Michael C Thompson wrote:
So then it should be safe to say that having two -F msgtype=... is an
invalid construct for a rule? Since messages have only 1 type?
Only if they are using the '=' operator. Other operators might be valid to
have multiple -F msgtype.
Ah yes, good point. I'll be sure to properly test the relational
operators. Other than the source code, is there any place for a user to
go and get the message types to determine their ordering?
Mike
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
