I have a Linux system running with these audit flags set in the audit.rules. These are our standard syscall watches in order to get the audit details our legal wants. We have a very chatty program that always creates small little files on the disk and it fills the audit logs with a lot of noise we would like to remove. Can we ignore the "creat" syscall for one directory in our audit.rules?

-a entry,always -S chmod -S fchmod -S chown -S fchown -S lchown -S creat -S truncate -S ftruncate -S unlink -S rename -S link -S symlink -S mknod -S mount -S umount2 -S clone -S fork -S vfork -S umask -S adjtimex -S settimeofday

Thank you
Jason
