On Friday, January 14, 2011 02:24:19 pm LC Bruzenak wrote:
> > Where can I read on how to classify events? I have been frustrated in
> > the past, because I was required to generate volumes of audit logs,
> > and I haven't had much success there.
>
> man auditctl
> look for the "-k key" section

I also give a write-up on using that in the audit.rules man page. See the NOTES section in particular.

-Steve
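
As an added illustration of the `-k key` classification discussed in this thread (example code, not part of the original messages or of the audit project), the script below groups audit records by the key their rule attached. The log lines are constructed samples, and the key names `identity` and `exec-log` are hypothetical.

```python
import re

# Constructed sample records in audit.log layout. They assume two rules
# with hypothetical key names were loaded:
#   auditctl -w /etc/passwd -p wa -k identity
#   auditctl -a always,exit -F arch=b64 -S execve -k exec-log
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1295033059.101:201): arch=c000003e syscall=2 success=yes exit=3 pid=4121 uid=0 comm="vi" exe="/usr/bin/vi" key="identity"
type=PATH msg=audit(1295033059.101:201): item=0 name="/etc/passwd" inode=1311 mode=0100644
type=SYSCALL msg=audit(1295033060.412:202): arch=c000003e syscall=59 success=yes exit=0 pid=4130 uid=500 comm="ls" exe="/bin/ls" key="exec-log"
type=SYSCALL msg=audit(1295033061.007:203): arch=c000003e syscall=59 success=yes exit=0 pid=4131 uid=500 comm="cat" exe="/bin/cat" key="exec-log"
type=SYSCALL msg=audit(1295033062.550:204): arch=c000003e syscall=2 success=no exit=-13 pid=4140 uid=500 comm="cat" exe="/bin/cat" key=(null)
"""

# The serial number after the timestamp ties all records of one event together.
EVENT_ID = re.compile(r'msg=audit\(\d+\.\d+:(\d+)\)')
# A key is either a quoted string or the literal (null) when no rule key applied.
KEY = re.compile(r'\bkey=(?:"([^"]*)"|(\S+))')


def classify(log_text):
    """Map each rule key to the set of event serial numbers tagged with it.

    Events whose record says key=(null) are collected under None.
    Records without a key field (PATH, CWD, ...) are skipped.
    """
    by_key = {}
    for line in log_text.splitlines():
        event = EVENT_ID.search(line)
        key_match = KEY.search(line)
        if not event or not key_match:
            continue
        key = key_match.group(1)
        if key is None:  # unquoted form
            key = None if key_match.group(2) == "(null)" else key_match.group(2)
        by_key.setdefault(key, set()).add(int(event.group(1)))
    return by_key


if __name__ == "__main__":
    for key, events in classify(SAMPLE_LOG).items():
        print(f"{key or 'unkeyed'}: {len(events)} event(s) {sorted(events)}")
```

On a live system, `ausearch -k <key>` performs the same selection directly against the audit logs.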
