VLOG filter file

Hi,

I'm testing NSS auditing with VLOG and can't get it working. 

/opt/novell/vigil/bin/vlog --blockNssEventsOfVol DATA --filterFile /etc/opt/novell/vlog.conf --format CEF

in the vlog.conf is only this

:-roll -user_stop -user_start
DATA:/** (ADDTRUSTEE REMOVETRUSTEE SETINHERITEDRIGHTS) (*) (*)

I'm on OES 24.1

David

Tags:

Parents Reply
  • 0   in reply to   

    Yes, you have several things you are trying to focus on with those patterns.  If time was endless, the trial and error approach might get you there.  The first --pattern part (and that you could have two --pattern parts) is not one I am familiar with from my limited use of vlog to date, so it would be my first part to remove in any testing.

    ________________________

    Andy of KonecnyConsulting.ca in Toronto
    Please use the "Like" and/or "Verified Answers" as appropriate as that helps us all.

Children
No Data