I want to filter so that I just see all commands run by users in local0 to 7.
I think it is here?
```yaml
# If kaudit filtering isn't powerful enough you can use the following filter mechanism
filters:
  # Each filter consists of exactly 3 parts
  - syscall: 54 # The syscall id of the message group (a single log line from go-audit), to test against the regex
    message_type: 1306 # The message type identifier containing the data to test against the regex
    regex: saddr=(10..|0A..) # The regex to test against the message specific message types data
```
Hi,
For example, I want to filter on this:
I have also limited the events to 1327.
Best Regards