Hello friendly audit people, I have a pretty simple question which I hope has a pretty simple answer. Is it possible to exclude a specific audit message type from the audit log? The auditctl man page looks like it might be possible using the syntax below but I'm not sure ...
# auditctl -a exclude,always -F msgtype=1415 -- paul moore linux security @ hp -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
