0

Auditd does not allow logging different filters to different files (cf. man pages). Is there an alternative that makes this possible, in particular to separate account activities?

lalebarde
  • 203

1 Answer

0
  • Send auditd logs to rsyslog
  • Filter logs per uid and send logs to a specific file

    if $msg contains 'uid=500' then /var/log/uid/500

lalebarde
  • 203
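The per-uid split described in the answer above, as an added example (not the answer author's code). It compares the plain substring test used by `contains 'uid=500'` with routing on the exact value of one field; the sample records and the function names `fields`, `substring_match` and `route` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records in auditd's key=value layout (not from a real host).
SAMPLE = [
    'type=SYSCALL msg=audit(1700000000.101:11): arch=c000003e syscall=59 '
    'success=yes pid=4101 auid=500 uid=500 gid=500 euid=500 comm="ls"',
    'type=SYSCALL msg=audit(1700000000.202:12): arch=c000003e syscall=59 '
    'success=yes pid=4102 auid=500 uid=0 gid=0 euid=0 comm="id"',
    'type=SYSCALL msg=audit(1700000000.303:13): arch=c000003e syscall=2 '
    'success=no pid=4103 auid=5000 uid=5000 gid=5000 euid=5000 comm="cat"',
    "type=USER_LOGIN msg=audit(1700000000.404:14): pid=4104 uid=0 auid=501 "
    "ses=7 msg='op=login id=501 res=success'",
]


def fields(record):
    """Return the first value seen for each key=value token in a record."""
    out = {}
    for token in record.split():
        key, sep, value = token.partition("=")
        if sep and key.isidentifier():
            out.setdefault(key, value.strip("\"'"))
    return out


def substring_match(record, uid):
    """What a plain substring filter on 'uid=<n>' tests."""
    return f"uid={uid}" in record


def route(records, key="uid"):
    """Group records by the exact numeric value of one identity field."""
    buckets = defaultdict(list)
    for rec in records:
        value = fields(rec).get(key)
        if value is not None and value.isdigit():
            buckets[int(value)].append(rec)
    return dict(buckets)


if __name__ == "__main__":
    loose = sum(substring_match(r, 500) for r in SAMPLE)
    print(f"substring 'uid=500' matches {loose} of {len(SAMPLE)} records")
    for uid, recs in sorted(route(SAMPLE).items()):
        print(f"uid {uid}: {len(recs)} record(s)")
    # auid (login uid) stays the same after su/sudo, so it follows the account.
    print("auid 500:", len(route(SAMPLE, "auid").get(500, [])), "record(s)")
```

The substring test also catches `auid=500` and `uid=5000`, so a per-account file built from it mixes in other users' records. In rsyslog the same tightening can be had by matching the field with its surrounding spaces, for example `contains ' uid=500 '`.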