-----Original Message-----
From: Steve Grubb [mailto:[email protected]]
Sent: Friday, January 14, 2011 1:59 PM
To: [email protected]; Tangren, Bill
Subject: Re: questions about auditing on a new RH 6 box

On Friday, January 14, 2011 12:35:06 pm LC Bruzenak wrote:
> Probably can use a sampling of events as well.

Since keys are not being used to classify events (hint hint) the best you can do is run something like this:

aureport --start today --summary --syscall -i

-Steve

******************

Where can I read on how to classify events? I have been frustrated in the past, because I was required to generate volumes of audit logs, and I haven't had much success there.

Thanks everyone for all of your help. I really appreciate it.

Bill

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
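An added example, not part of the thread or of the audit tools: a small parser showing what the key field buys you when summarizing raw records. The log lines are constructed, and the key names `identity` and `perm_mod` and the rules in the comments are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample records in the raw audit.log layout (not from the thread).
# The first two are what rules carrying a key would log, for example:
#   auditctl -w /etc/passwd -p wa -k identity
#   auditctl -a always,exit -F arch=b64 -S chmod -k perm_mod
# The last two SYSCALL records come from rules loaded without -k: key=(null).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1295031306.101:201): arch=c000003e syscall=2 success=yes exit=3 pid=4120 uid=0 comm="vipw" exe="/usr/sbin/vipw" key="identity"
type=SYSCALL msg=audit(1295031307.220:202): arch=c000003e syscall=90 success=yes exit=0 pid=4133 uid=500 comm="chmod" exe="/bin/chmod" key="perm_mod"
type=SYSCALL msg=audit(1295031309.004:203): arch=c000003e syscall=2 success=no exit=-13 pid=4140 uid=500 comm="cat" exe="/bin/cat" key=(null)
type=PATH msg=audit(1295031309.004:203): item=0 name="/etc/shadow" inode=1311 dev=fd:00
type=SYSCALL msg=audit(1295031310.550:204): arch=c000003e syscall=90 success=yes exit=0 pid=4151 uid=0 comm="chmod" exe="/bin/chmod" key=(null)
"""

# name=value pairs; values are either double-quoted or a run of non-spaces.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Split one raw audit record into a dict of its name=value fields."""
    return {name: value.strip('"') for name, value in FIELD.findall(line)}


def classify(log_text):
    """Count SYSCALL records per key; unkeyed ones fall back to syscall number."""
    by_key, unkeyed = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("type") != "SYSCALL":
            continue  # PATH, CWD and similar records carry no key of their own
        key = rec.get("key", "(null)")
        if key == "(null)":
            unkeyed[rec["syscall"]] += 1  # only the syscall number is left
        else:
            by_key[key] += 1
    return by_key, unkeyed


if __name__ == "__main__":
    by_key, unkeyed = classify(SAMPLE_LOG)
    print("classified by key:", dict(by_key))
    print("unkeyed, by syscall number:", dict(unkeyed))
```

On a live system the same split is available from the tools themselves: `ausearch -k <key>` pulls the records for one key and `aureport --key --summary` counts events per key.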
