Auditd does not allow logging different filters to different files (cf. man pages). Is there an alternative to it which makes this possible, in particular to separate account activities?
1 Answer
- Send auditd logs to rsyslog
- Filter logs per uid and send logs to a specific file

    if $msg contains 'uid=500' then /var/log/uid/500

lalebarde
- 203
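
The filter from the answer above, next to a stricter per-uid variant, as an added example that is not part of the original answer. It assumes audit records already arrive in rsyslog as space-separated key=value pairs; the file name and the names `AuditPerUid` and `$.audit_uid` are illustrative.

```conf
# /etc/rsyslog.d/30-audit-per-uid.conf   (file name is an assumption)
# Added example, not the answer author's configuration.

# Form from the answer: a plain substring test. The string 'uid=500' also
# occurs inside 'auid=500', 'euid=500', 'suid=500', 'fsuid=500' and
# 'uid=5000', so records belonging to other accounts can match it.
#if $msg contains 'uid=500' then /var/log/uid/500

# Stricter form: extract the value of the stand-alone " uid=" field.
# The leading space excludes auid/euid/suid/fsuid, and [0-9]+ captures the
# whole number, so 500 and 5000 are kept apart.
# To split by login account rather than current uid, match ' auid=' instead.
set $.audit_uid = re_extract($msg, ' uid=([0-9]+)', 0, 1, '');

# One output file per uid, named from the extracted value.
template(name="AuditPerUid" type="string"
         string="/var/log/uid/%$.audit_uid%")

# Route only records that carried a uid field; everything else continues
# through the remaining rules unchanged.
if $.audit_uid != '' then {
    action(type="omfile" dynaFile="AuditPerUid"
           fileCreateMode="0600" dirCreateMode="0700")
    stop
}
```

The `stop` keeps routed audit records out of the general log files; drop it if they should also remain there.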