> Hello friendly audit people, > > I have a pretty simple question which I hope has a pretty simple answer. Is > it possible to exclude a specific audit message type from the audit log? The > auditctl man page looks like it might be possible using the syntax below but > I'm not sure ... > > # auditctl -a exclude,always -F msgtype=1415 >
yes, this is correct, but you may want to consider using the (usually more meaningful) message type name instead: # auditctl -a exclude,always -F msgtype=1112 or # auditctl -a exclude,always -F msgtype=USER_LOGIN Klaus -- Klaus Heinrich Kiwi/Brazil/IBM <[EMAIL PROTECTED]> Software Engineer IBM STG, Linux Technology Center Phone:(+55-19) 2132-1909 [T/L 839-1909]
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
