Hi,I just want to exlcude some rsync audit log bacause its too noise when if your server act as repository, but when i try several rules to audit.rules files, its not affected, Th... [by heriyanto]
I have a RHEL 5.8 server running Oracle RAC, In audit.rules file I have rule setup to monitor permission changes and file deletion.
There are multiple entries in the file for oracle services (comm=ohasd.bin). which I want to filter out. Could you please advise how can I filter all events generated for ohasd.bin. so that they are not reported in the audit.log
I have a mystery on my hands. One day /etc/rc5.d/S11auditd became /etc/rc5.d/K88auditd and no one takes responsibility for it. It looks like it just happened by itself, which is hardly plausible and requires a little investigation.
Assuming default Fedora 12 installation, what are the ways of tracing actions that led to an auditd being removed initialization sequence?
Thanks for your advice.But its not only bogofilter rules not working, but also others. (beside from that, a failed bogofilter rule would cause a error in the log).But as said, all rules are not working.(tried spamassassin though, but same problem.