Hello Paul, Thank you for your information.
> If you have a particular audit > rule which is too verbose *and* you are willing to lose audit records > from that filter rule (which is what would happen if they were rate > limited), you might want to consider making that audit filter rule > more targeted to the event you are interested in logging. Generating > more audit records than you want to see can be a sign of an overly > general audit rule. > I agree that having rules which are too verbose is not a very good idea. Beside this, is there any other mechanism which we can use to get a similar effect? -- Anurag Aggarwal
-- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit
