#
# The audisp-filter plugin is designed to address
# the need for event filtering in the Linux audit system.
# It empowers users to selectively process audit events
# based on specified criteria before they are e.g. forwarded
# to syslog or sent to a remote destination for analysis.
# The filter is generic and is designed to work in tandem
# with other plugins which expect audit messages on their
# standard input.
# See audisp-filter(8)

active = no
direction = out
path = /sbin/audisp-filter
type = always
args = allowlist /etc/audit/audisp-filter.conf /sbin/audisp-syslog LOG_USER LOG_INFO interpret
format = string