From mboxrd@z Thu Jan  1 00:00:00 1970
From: LC Bruzenak <lenny@magitekltd.com>
Subject: Re: ausearch message types
Date: Mon, 31 Oct 2016 16:37:27 -0700
Message-ID: <5817D5B7.3070309@magitekltd.com>
References: <5817D1DE.7040909@magitekltd.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (ext-mx06.extmail.prod.ext.phx2.redhat.com
	[10.5.110.30])
	by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id u9VNbTAu023276
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NO)
	for <linux-audit@redhat.com>; Mon, 31 Oct 2016 19:37:29 -0400
Received: from mail-pf0-f182.google.com (mail-pf0-f182.google.com
	[209.85.192.182])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id E25061E5E
	for <linux-audit@redhat.com>; Mon, 31 Oct 2016 23:37:28 +0000 (UTC)
Received: by mail-pf0-f182.google.com with SMTP id n85so84147229pfi.1
	for <linux-audit@redhat.com>; Mon, 31 Oct 2016 16:37:28 -0700 (PDT)
Received: from [172.18.0.177] ([4.30.56.154]) by smtp.gmail.com with ESMTPSA id
	zh13sm38024129pab.4.2016.10.31.16.37.26 for <linux-audit@redhat.com>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 31 Oct 2016 16:37:27 -0700 (PDT)
In-Reply-To: <5817D1DE.7040909@magitekltd.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On 10/31/2016 04:21 PM, LC Bruzenak wrote:
> I'm on the 2.4.5 version of the audit code.
> Has anyone thought about or implemented a exclusionary message list, 
> such as:
>
> ausearch -m ALL-avc,user_avc -ts today

Actually in this case I'm running the search from a script so I can 
easily take the stderr results from "ausearch -i -m help", pipe them 
into a sed substitution which removes the preceding text, removes the 
ones I don't want, and replaces the spaces with commas.
So for now I am set; still I think it would perhaps be helpful to have 
at some point.

-- 
LC Bruzenak
magitekltd.com