VLOG filter file

Hi,

I'm testing NSS auditing with VLOG and can't get it working. 

/opt/novell/vigil/bin/vlog --blockNssEventsOfVol DATA --filterFile /etc/opt/novell/vlog.conf --format CEF

in the vlog.conf is only this

:-roll -user_stop -user_start
DATA:/** (ADDTRUSTEE REMOVETRUSTEE SETINHERITEDRIGHTS) (*) (*)

I'm on OES 24.1

David

Tags:

Parents Reply
  • Yes, you have several things you are trying to focus on with those patterns.  If time was endless, the trial and error approach might get you there.  The first --pattern part (and that you could have two --pattern parts) is not one I am familiar with from my limited use of vlog to date, so it would be my first part to remove in any testing.

    ________________________

    Andy of KonecnyConsulting.ca in Toronto
    Please use the "Like" and/or "Verified Answers" as appropriate as that helps us all.

Children
No Data