On Monday 21 December 2009 10:46:51 am [email protected] wrote: > Is there a way to get audit.log to filter messages from Splunk in RHEL 5 > server systems?
I really don't know what splunk is doing or why. Does it run with its own UID or does it run as root? If it does have its own uid, then that might be used for filtering. Aside from that, since its a commercial app, you might ask them if they've tested it on a linux system with nispom audit rules and what they would suggest. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
