Splunk Search Query – Linux Systems Auditing

The auditing of the linux systems is achieved by using the auditd service that is provided by installing audit package. All the system audit log is generated and dumped to /var/log/audit/audit.log. All these audit.log is forwarded to Splunk indexer for indexing this data and then in turn leverage this data to audit the linux systems by using the Splunk search query. We

Read more