Hello, People have mentioned a couple times that they would like to know more about what is expected of well written events. I put together a draft document located here:
http://people.redhat.com/sgrubb/audit/audit-events.txt The intention is to add this to the kernel documentation after people have had a chance to review it and send feedback. Any and all comments are welcome. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
