> > > Limiting of audit records is actually done in the kernel, and > currently the rate limit applies equally[1] to all records, there is > no ability to enforce limits per-key.
One question Paul, will it be ok, if we contribute something similar to the Auditd Kernel repository? -- Anurag Aggarwal
-- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit