
SeOS Audit logs filtration

Question asked by TeamV on Sep 9, 2016
Latest reply on Sep 23, 2016 by Reatesh

Hi,

 

We have an audit rule configured for some of the critical file systems on a Linux server.

Since we have thousands of read operations on those file systems, the audit log is reaching its maximum limit very fast and we are unable to get important logs.

Even if we keep audit_log_size=100MB, it reaches the maximum limit in 10 mins.

I would like to know if we can filter the logs or ignore the read operations so that we can get some quality audit logs.

 

I see the only options for the audit log are: none | all | success | failure

 

Thanks in advance for any suggestions on this.

 

Thanks

VOLVOCARS
