We have an audit rule configured for some of the critical file systems on a Linux server.
Since we have thousands of read operations on those file systems, the audit log is reaching its maximum limit very fast and we are unable to get the important logs.
Even if we keep audit_log_size=100MB, it reaches the maximum limit in 10 mins.
I would like to know if we can filter the logs or ignore the read operations so that we can get some quality audit logs.
The only options I see for the audit log are: none | all | success | failure
Thanks in advance for any suggestions on this.