From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paul Moore <paul.moore@hp.com>
Subject: Re: Excluding certain audit message types?
Date: Fri, 7 Dec 2007 13:51:55 -0500
Message-ID: <200712071351.55345.paul.moore@hp.com>
References: <200712071112.56880.paul.moore@hp.com>
	<OF2EC7E879.912F3F0A-ON832573AA.0063D374-832573AA.006420BB@br.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <OF2EC7E879.912F3F0A-ON832573AA.0063D374-832573AA.006420BB@br.ibm.com>
Content-Disposition: inline
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: klausk@br.ibm.com
Cc: linux-audit@redhat.com, linux-audit-bounces@redhat.com
List-Id: linux-audit@redhat.com

On Friday 07 December 2007 1:14:38 pm klausk@br.ibm.com wrote:
> > Hello friendly audit people,
> >
> > I have a pretty simple question which I hope has a pretty simple answer.
> > Is it possible to exclude a specific audit message type from the audit
> > log?  The auditctl man page looks like it might be possible using the
> > syntax below but I'm not sure ...
> >
> >  # auditctl -a exclude,always -F msgtype=1415
>
> yes, this is correct, but you may want to consider using the (usually more
> meaningful) message type name instead:
>
> # auditctl -a exclude,always -F msgtype=1112
> or
> # auditctl -a exclude,always -F msgtype=USER_LOGIN

Great, thanks for the tip.

BTW, what is the linux-audit-bounces list?  Some majordomo magic?

-- 
paul moore
linux security @ hp