On Fri, 2011-05-20 at 16:14 +0100, Mr Dash Four wrote:
> I am having difficulty in trying to exclude a certain type of messages
> for certain SELinux types being reported to the auditd daemon.
>
> In particular, I would like to exclude the following from being reported
> (and thus filling up my audit logs unnecessarily):
>
> msgtype={USER_ACCT|CRED_ACQ|USER_START|CRED_DISP|USER_END}
> obj_type=crond_t
> success=0
I do not know the answer to your question, but i suspect you will stand
a better chance at finding a good answer on the linux-audit list.
You can subscribe here:
https://www.redhat.com/mailman/listinfo/linux-audit
Note though that this list is moderated. So it may be a while before
your request for subscription is processed.
Attachment:
signature.asc
Description: This is a digitally signed message part
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
