Collector Settings

Use the group policies under Collector Settings to configure the collector service.

Do not audit output of specified UNIX commands

Use this group policy to specify one or more UNIX commands whose output you do not want to save in the audit store database.

You can use this group policy to keep the output of specific UNIX commands that you do not want to capture or review from being saved. For example, common UNIX commands, such as the "top" and "tail" commands, might display output that you do not want to capture and store for auditing purposes. To prevent auditing the output for these types of commands, enable this group policy, click Add, then type the command.

The command string you specify must be an exact match. For example, to prevent auditing output of "cat filename", you must specify "cat filename" as the command string in this group policy.

To use this group policy:

  1. Double-click the policy in the right pane of the Group Policy Management Editor.
  2. On the Policy tab, select Enabled.
  3. Click Add, type the exact command you want to skip for auditing purposes, then click OK.
  4. Repeat Step 3 for each command to skip when auditing session activity until you are finished adding commands, then click OK.