On Friday, July 13, 2012 01:09:00 PM Michael Mather wrote:
> Yes, Steve, adding --raw works beautifully. Thanks.
>
> Now, where can I find a tutorial that might have taught me this?

There is some discussion of this in the audit.rules man page under the section NOTES. There was also an article about using the audit system to debug the whole OS at once. The article gives some examples of stringing together searches and reports:

http://magazine.hitb.org/issues/HITB-Ezine-Issue-005.pdf

> And is there a way to search this list?

You can use Google and the site operator to restrict the results:

site:www.redhat.com ausearch raw

-Steve

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
