On Friday 07 December 2007 1:14:38 pm [EMAIL PROTECTED] wrote:
> > Hello friendly audit people,
> >
> > I have a pretty simple question which I hope has a pretty simple answer.
> > Is it possible to exclude a specific audit message type from the audit
> > log?  The auditctl man page looks like it might be possible using the
> > syntax below but I'm not sure ...
> >
> >  # auditctl -a exclude,always -F msgtype=1415
>
> yes, this is correct, but you may want to consider using the (usually more
> meaningful) message type name instead:
>
> # auditctl -a exclude,always -F msgtype=1112
> or
> # auditctl -a exclude,always -F msgtype=USER_LOGIN

Great, thanks for the tip.

BTW, what is the linux-audit-bounces list?  Some majordomo magic?

-- 
paul moore
linux security @ hp

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
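
An added example, not part of the original thread: exclude-filter rules like the ones discussed above keep matching record types out of the audit log, so it is worth checking which types a rule set suppresses. The sketch below reads rules in auditctl syntax on stdin; the function names and the sample rules are constructed for illustration, and the name for 1415 is taken from linux/audit.h rather than from the thread.

```shell
#!/bin/sh
# Added example: report message types suppressed by exclude-filter rules.
# Input is rules in auditctl syntax, one per line (a rules file, or the
# output of `auditctl -l` on a live system).

# Resolve the numeric types seen in the thread to names; anything else
# (including values that are already names) is printed unchanged.
msgtype_name() {
    case "$1" in
        1112) echo "USER_LOGIN" ;;        # mapping given in the thread
        1415) echo "MAC_IPSEC_EVENT" ;;   # per linux/audit.h
        *)    echo "$1" ;;
    esac
}

# Print one line per exclude rule found on stdin.
list_excluded() {
    while IFS= read -r line; do
        case "$line" in
            \#*|"") continue ;;                       # comments, blank lines
            *"exclude,always"*|*"always,exclude"*) ;; # either order is valid
            *) continue ;;                            # not an exclude rule
        esac
        val=$(printf '%s\n' "$line" |
              sed -n 's/.*-F[[:space:]]*msgtype=\([^[:space:]]*\).*/\1/p')
        if [ -n "$val" ]; then
            echo "excluded: $(msgtype_name "$val")"
        else
            # Exclude rule with some other field or operator: show it whole.
            echo "excluded (other filter): $line"
        fi
    done
}

# Constructed sample rule set, not taken from a real system.
SAMPLE_RULES='# constructed sample rules
-w /etc/passwd -p wa -k identity
-a exclude,always -F msgtype=1415
-a always,exclude -F msgtype=USER_LOGIN
-a always,exit -F arch=b64 -S execve -k exec'

printf '%s\n' "$SAMPLE_RULES" | list_excluded
```
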
