
How to remove a rule from auditctl


There is a current rule in effect:

# auditctl -l
-a always,exclude -F msgtype>0

I am trying to remove it with: -d always,exclude -F msgtype>0

but receive the error: -F missing operation for msgtype

What is the proper way to remove this rule?


Solution

  • Did you literally type -F msgtype>0? Then you probably have an empty file 0 in the current directory.

    You need to escape the > character, perhaps like this:

    -F 'msgtype>0'
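
The effect described in the answer can be reproduced without root or a running audit daemon. The following is an added example, not part of the original answer: `seen_args` is a hypothetical stand-in for auditctl that only records the arguments the shell passes to it, and each case runs in a scratch directory so the stray file `0` is easy to spot.

```shell
#!/bin/sh
# Stand-in for auditctl (hypothetical helper, not part of the audit tools):
# records every argument exactly as the shell delivered it.
seen_args() {
    SEEN=""
    for a in "$@"; do
        SEEN="$SEEN[$a]"
    done
}

# Run one variant in a scratch directory and report both the argument list
# and whether a file named 0 was created as a side effect.
run_case() {   # $1 = unquoted | quoted
    old=$PWD
    dir=$(mktemp -d) || return 1
    cd "$dir" || return 1
    if [ "$1" = unquoted ]; then
        # The shell parses >0 as "redirect stdout to a file named 0",
        # so the program is handed only: -F msgtype
        seen_args -d always,exclude -F msgtype>0
    else
        # Quoting keeps msgtype>0 together as a single argument.
        seen_args -d always,exclude -F 'msgtype>0'
    fi
    if [ -e 0 ]; then stray=yes; else stray=no; fi
    cd "$old" && rm -rf "$dir"
    printf '%s stray_file_0=%s\n' "$SEEN" "$stray"
}

run_case unquoted   # [-d][always,exclude][-F][msgtype] stray_file_0=yes
run_case quoted     # [-d][always,exclude][-F][msgtype>0] stray_file_0=no
```

In the unquoted case the filter field arrives without an operator or value, which matches the "-F missing operation for msgtype" error in the question.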