Hi all,
We can use a rule to audit one specific process's all syscall info,
eg: auditctl -a entry,always -S all -F pid=1005, it will log process 1005's
syscall info. Is there a rule available to audit all processes' syscall
info?Thanks in advance.
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
