On Fri, 2011-01-14 at 19:07 +0000, Tangren, Bill wrote:
> Where can I read on how to classify events? I have been frustrated in
> the past, because I was required to generate volumes of audit logs,
> and I haven't had much success there.

man auditctl

look for the "-k key" section

LCB

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
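An added example, not part of the original messages: how keys set with `-k` let audit records be sorted into classes afterwards. The key names `identity` and `root-exec`, the watched path and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Rules that tag events with a key. They are shown as comments because
# loading them needs root and a running audit subsystem:
#   auditctl -w /etc/passwd -p wa -k identity
#   auditctl -a always,exit -F arch=b64 -S execve -F euid=0 -k root-exec
# Retrieving one class of events later:
#   ausearch -k identity

# Constructed sample records in the audit.log layout (not real data).
sample_log() {
cat <<'EOF'
type=SYSCALL msg=audit(1295031600.101:201): arch=c000003e syscall=2 success=yes exit=3 pid=4100 uid=0 comm="vipw" key="identity"
type=PATH msg=audit(1295031600.101:201): item=0 name="/etc/passwd" inode=1311 mode=0100644
type=SYSCALL msg=audit(1295031612.440:202): arch=c000003e syscall=59 success=yes exit=0 pid=4102 uid=0 comm="bash" key="root-exec"
type=SYSCALL msg=audit(1295031630.007:203): arch=c000003e syscall=2 success=no exit=-13 pid=4110 uid=500 comm="cat" key=(null)
type=SYSCALL msg=audit(1295031655.912:204): arch=c000003e syscall=2 success=yes exit=3 pid=4121 uid=0 comm="usermod" key="identity"
EOF
}

# count_by_key: read audit records on stdin and print "<count> <key>"
# for each key. SYSCALL records whose rule had no -k (key=(null)) are
# reported under "(none)" so untagged volume is visible too.
count_by_key() {
    awk '
        /^type=SYSCALL/ {
            k = "(none)"
            # A set key is quoted: key="name". key=(null) does not match.
            if (match($0, / key="[^"]*"/))
                k = substr($0, RSTART + 6, RLENGTH - 7)
            n[k]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -k2
}

sample_log | count_by_key
```

A large "(none)" count points at rules that generate volume without a `-k` tag.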
