I am auditing when an ipsec policy is added and removed from the Security Policy Database. Should I also add audit when an SA is added and removed? SAs can quickly fill up log since there can be many of them and they also have a lifetime associated with them that can result in continuous renewal. I looked at how Paul implemented netlabel auditing, but was wondering is there any specific info I should audit for labeled ipsec?
Regards, Joy -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
