On Fri, Feb 20, 2015 at 1:37 PM, Ed Christiansen MS <[email protected]> wrote: > As a guy who administers Irix today I can say the auditing on Irix is > extensive, but I'd hesitate to reference it in this context because > the satd does NOT give you the option to choose success or failure > audits. You get both and it fills your disk fairly quickly. I've > had to disable it during periods of high activity because it will > halt your system (also not configurable) if it runs out of space. So, > maybe it didn't require much in the way of structure, but it left an awful > lot to be desire in the implementation.
I'm only planning a change in the format, not the content of the audit records so you'll still have success/fail indicators like you do now. -- paul moore www.paul-moore.com -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
