Aureport – Linux tool for audit reporting of Linux systems

The audit daemon (auditd) is the userspace component that runs on Linux systems and keeps track of audit records by writing all events to /var/log/audit/audit.log. It consults the audit rules configured in /etc/audit/audit.rules to determine what needs to be monitored and tracked, such as file access, command runs, system call executions, etc. Since there is a huge amount of events that are


Splunk Search Query – Linux Systems Auditing

Auditing of Linux systems is achieved using the auditd service, which is provided by installing the audit package. All system audit logs are generated and written to /var/log/audit/audit.log. These audit.log files are forwarded to the Splunk indexer for indexing, and the indexed data is then leveraged to audit the Linux systems using Splunk search queries. We
