I would like to have some rules logged in a file that is not the default log file defined in /etc/audit/auditd.conf
. Is there a way to have auditd log some rules in a separate file?
Something like -w /tmp -LOGFILE /var/log/someother/location/log
?
-S clone
rule. I would like to have that in a separate file as those are not really logs and more of an input for a script – Tom Klino Jun 21 '17 at 12:08