###########################################################################
# $Id$
###########################################################################

# You can put comments anywhere you want to.  They are effective for the
# rest of the line.

# this is in the format of <name> = <value>.  Whitespace at the beginning
# and end of the lines is removed.  Whitespace before and after the = sign
# is removed.  Everything is case *insensitive*.

# Yes = True  = On  = 1
# No  = False = Off = 0

Title = "Kernel Audit"

# Which logfile group...
LogFile = messages

# Only give lines related to the audit service
# Note that audit lines may have something like audit(1114839915.618:0)
# as the service name
# (Some implementations might not precede it with "kernel:")
*OnlyService = (kernel:( \[[ 0-9\.]+\])?)?\s*(type=[0-9]+\s*)?audit.*
# Need to distinguish between the various audit services
*RemoveHeaders = "^... .. ..:..:.. [^ ]* (?:kernel: )?"

########################################################
# This was written and is maintained by:
#    Ron Kuris <swcafe@gmail.com>
#
# Please send all comments, suggestions, bug reports,
#    etc, to logwatch-devel@lists.sourceforge.net
########################################################