
I would like to have some rules logged in a file that is not the default log file defined in /etc/audit/auditd.conf. Is there a way to have auditd log some rules in a separate file?

Something like -w /tmp -LOGFILE /var/log/someother/location/log?

Tom Klino
  • Yes, in the worst case by hacking the source code. Can you be a bit more specific, such as including how you want to filter? – l0b0 Jun 21 '17 at 12:02
  • Well, I have a set of rules for tracking files. But I also want to use auditd to map processes being cloned from some applications on the system using the -S clone rule. I would like to have that in a separate file, as those are not really logs and more of an input for a script. – Tom Klino Jun 21 '17 at 12:08

0 Answers