Steve, Would there be any issue with adding a couple new trusted_application event types? Would any kernel mods be needed to support this?
The reason I ask is because I'd like to process some event types differently on the back end (the aggregator) and if I could easily identify those types it would make life easier. Some trusted_application events are for recording "bad" security issues, some for "good", etc. and I'd like to easily differentiate those. I can put something inside the event text but if possible would prefer a couple different types, like trusted_app1, trusted_app2, etc. Thx, LCB -- LC (Lenny) Bruzenak [email protected] -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
