On Monday 18 August 2008 15:09:34 Brian LaMere wrote: > So...why is it that "LIST_RULES: exit,always success!=0 syscall=open" > doesn't disregard the successful calls?
Because that means log the successful calls. If you only want the unsuccessful calls, I'd suggest success = 0. Its easy to confuse the success field with exits codes which return 0 for success. This question pops up every now and again. :) -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
