The -f flag is set to 0, 1, or 2 and specifies what to do on failure. Is that "failure" any logging event? Or just logging events when the backlog is higher than whatever the -b option sets it to?

Thanks!

Leam

--
Mind on a Mission <http://leamhall.blogspot.com/>

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
