On Tue, Feb 28, 2023 at 10:35 AM Anurag Aggarwal <anurag19aggar...@gmail.com> wrote: > > Hello Paul, > > Thank you for your information. > >> If you have a particular audit >> rule which is too verbose *and* you are willing to lose audit records >> from that filter rule (which is what would happen if they were rate >> limited), you might want to consider making that audit filter rule >> more targeted to the event you are interested in logging. Generating >> more audit records than you want to see can be a sign of an overly >> general audit rule. > > I agree that having rules which are too verbose is not a very good idea. > > Beside this, is there any other mechanism which we can use to get a similar > effect?
Nothing comes quickly to mind, perhaps others on the mailing list might have some ideas ... ? -- paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit
