[Gllug] auditctl

[Simon Morris]

Hello GLLUG,

I'm reading the man page for auditctl and would appreciate any tips or
tricks with file system auditing.

Basically I'm track to track 'mysterious' file deletions from a RHEL5
server - almost certainly a case of users accidentally deleting the file
and then blaming the IT gremlins.

What's the best way to use auditctl - I plan to ship the audit events to
a Splunk server using syslog.

Thanks

~sm

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug