Apologies if this is the wrong list: Is it possible to filter on what shows up in the audit logs as the ouid of an inode being accessed?
Alternatively, if I'm only interested in inodes of a particular ouid (or more specifically, accesses to an inode of a particular ouid from a process with a different uid), is my best bet doing post-audit filtering? cheers, peter
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
