[ossec-list] Re: User auditing solution

Tue, 18 Aug 2009 08:02:17 -0700 

Navid,

We're using kernel-level auditing coupled with the following rule to log all
commands run

        -a entry,always -S execve

Take a look at the auditd manpage and see if that's more what you were
after.

Regards,

--
Mark Smith

Reply via email to