I've tried simple filter "evt.res=ENOACCESS", and it crashed once I've started `cat` and hit "ctrl+c" on it. Crash on signal?
I fail to get valid kern.log entries during these crashes with my local machine or virtual box, only that original server crash saved normal kern.log lines with some crash info...
