Hello all,

I know this is a very simple question, but I cannot find an answer in the documentation. I have written a parser for the audit system where I am taking events from the af_unix built-in plugin through a socket, and I am using those events for system monitoring and passing them off to my own storage/processing code, etc. All this is done already.

The question I have is: can I set up audit rules for the af_unix plugin alone? I want to monitor a set of system calls, but I do not want those system call events clogging up the log file unnecessarily; I only want them to be passed to the af_unix plugin. Is there a way to do this? Right now I just set up the rules using auditctl, and thus they end up in the log file as well.

Thanks,
Basim Baig
SRI International
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
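The post describes a consumer that reads audit records from the af_unix plugin's socket and reassembles them into events for monitoring. The following is an added example of such a consumer, not code from the post or from the audit project. It assumes the plugin is configured in "string" format (so the socket carries the same `type=... msg=audit(seconds.millis:serial): ...` text records as audit.log, one per line), that the socket lives at the plugin's default path `/var/run/audispd_events`, and that multi-record events are closed by a `type=EOE` record while single-record events are not. Syscall numbers are architecture specific: 59 is execve and 2 is open for `arch=c000003e` (x86_64). The sample stream is constructed for the example, not captured from a real system.

```python
"""Assemble raw audit records from an auditd/audispd af_unix plugin stream into events.

Added example; assumes the plugin's "string" format (audit.log-style text, one
record per line) and the default socket path /var/run/audispd_events.
"""
import re
import socket
from collections import OrderedDict

# One record: type=<TYPE> msg=audit(<seconds>.<millis>:<serial>): <key=value fields>
RECORD_RE = re.compile(
    r'^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$')
# key=value pairs; double-quoted values may contain spaces (exe="/usr/bin/x y")
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Constructed sample stream (not a real capture): an execve event (3 records + EOE),
# a single-record login event with no EOE, and an open event (2 records + EOE).
SAMPLE_STREAM = """type=SYSCALL msg=audit(1609459200.123:42): arch=c000003e syscall=59 success=yes exit=0 a0=55d1 ppid=1000 pid=1001 auid=1000 uid=1000 comm="bash" exe="/usr/bin/bash" key="exec"
type=EXECVE msg=audit(1609459200.123:42): argc=2 a0="ls" a1="-l"
type=CWD msg=audit(1609459200.123:42): cwd="/home/user"
type=EOE msg=audit(1609459200.123:42):
type=USER_LOGIN msg=audit(1609459201.500:43): pid=1200 uid=0 auid=1000 ses=3 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=192.0.2.10 terminal=/dev/pts/0 res=success'
type=SYSCALL msg=audit(1609459202.000:44): arch=c000003e syscall=2 success=yes exit=3 comm="cat" exe="/usr/bin/cat" key="open"
type=PATH msg=audit(1609459202.000:44): item=0 name="/etc/passwd" inode=123 dev=08:01 mode=0100644
type=EOE msg=audit(1609459202.000:44):
"""


def parse_record(line):
    """Parse one text record into a dict, or return None for lines that are not records."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('body'))}
    return {'type': m.group('type'), 'time': float(m.group('ts')),
            'serial': int(m.group('serial')), 'fields': fields}


class EventAssembler:
    """Group consecutive records that share a serial into one event.

    A type=EOE record closes a multi-record event; single-record events carry no
    EOE, so a pending event is also closed when a record with a new serial arrives.
    """

    def __init__(self):
        self._pending = OrderedDict()  # serial -> list of records seen so far

    def feed(self, line):
        """Feed one raw line; return the list of events completed by it."""
        rec = parse_record(line)
        if rec is None:
            return []
        completed = []
        serial = rec['serial']
        if rec['type'] == 'EOE':
            recs = self._pending.pop(serial, None)
            if recs:
                completed.append(recs)
            return completed
        for old in [s for s in self._pending if s != serial]:
            completed.append(self._pending.pop(old))
        self._pending.setdefault(serial, []).append(rec)
        return completed

    def flush(self):
        """Return whatever is still pending (e.g. at end of stream)."""
        events = list(self._pending.values())
        self._pending.clear()
        return events


def assemble(lines):
    """Assemble an iterable of raw lines into a list of events (lists of records)."""
    asm = EventAssembler()
    events = []
    for line in lines:
        events.extend(asm.feed(line))
    events.extend(asm.flush())
    return events


def select_syscalls(events, wanted):
    """Keep events whose SYSCALL record has a syscall number in `wanted` (ints)."""
    return [ev for ev in events
            if any(rec['type'] == 'SYSCALL'
                   and int(rec['fields'].get('syscall', -1)) in wanted
                   for rec in ev)]


def execve_argv(event):
    """Rebuild argv from the event's EXECVE record (fields a0, a1, ...), or None."""
    for rec in event:
        if rec['type'] == 'EXECVE':
            f = rec['fields']
            return [f['a%d' % i] for i in range(int(f['argc']))]
    return None


def events_from_socket(path='/var/run/audispd_events'):
    """Yield assembled events read from the af_unix plugin socket (assumed default path)."""
    asm = EventAssembler()
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        buf = b''
        while True:
            chunk = s.recv(65536)
            if not chunk:
                break
            buf += chunk
            while b'\n' in buf:
                line, buf = buf.split(b'\n', 1)
                for ev in asm.feed(line.decode('utf-8', 'replace')):
                    yield ev


if __name__ == '__main__':
    # Offline demo on the constructed stream: report execve (59) events only.
    for ev in select_syscalls(assemble(SAMPLE_STREAM.splitlines()), {59}):
        print(ev[0]['serial'], ev[0]['fields']['comm'], execve_argv(ev))
```

Replace the `__main__` loop with `for ev in events_from_socket(): ...` to run against a live plugin socket; the process needs read access to that socket, which the plugin's configured mode and owner control. Closing a pending event on serial change relies on the dispatcher emitting an event's records contiguously, which is the behaviour the assembler assumes; fields nested inside a single-quoted `msg='...'` sub-record (as in USER_LOGIN) are split by the same key=value regex rather than parsed as a nested record.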
