I know I could exclude all msgtype CRYPTO_KEY_USER audit events, but would like to exclude just specific ones. I would like to exclude ones for a specific UID, hostname, or IP.
There are many example of how to exclude specific files, directory events, or syscall events. Can somebody suggest a way to suppress specific CRYPTO_KEY_USER events by UID, hostname, or IP?
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
