Understanding Linux Audit Log Files

By default, the audit system logs audit messages to the /var/log/audit/audit.log file. Audit log files carry a lot of useful information.

If auditd is not running for whatever reason, audit messages are sent to rsyslog instead.

To generate a summary report of all command executions on the server, run:
  • sudo aureport -x --summary

The following command gives you statistics on all failed events:
  • sudo aureport --failed

To search for all events (if any) touching the file /etc/ssh/sshd_config and interpret them (-i translates numeric fields such as uids and syscall numbers into names), run:
  • sudo ausearch -f /etc/ssh/sshd_config -i
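As an added example that is not part of the original post, the following Python script parses the raw audit.log record format (key=value fields, records tied together by the serial in msg=audit(time:serial)) and reproduces, on constructed sample lines, what the three commands above report: per-program execution counts like aureport -x --summary, failed events like aureport --failed, events touching a file like ausearch -f, and a rough -i style interpretation. The sample records, the two-entry syscall-name table (x86_64 only) and all function names are assumptions of this example, not the audit tools' own code.

```python
import re
from collections import Counter, defaultdict

# Constructed sample audit.log lines (not captured from a real system).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:201): arch=c000003e syscall=59 success=yes exit=0 ppid=1000 pid=1001 auid=1000 uid=1000 comm="cat" exe="/usr/bin/cat" key="exec"
type=EXECVE msg=audit(1700000000.101:201): argc=2 a0="cat" a1="/etc/ssh/sshd_config"
type=PATH msg=audit(1700000000.101:201): item=0 name="/etc/ssh/sshd_config" inode=1234 mode=0100600 ouid=0 ogid=0
type=SYSCALL msg=audit(1700000000.250:202): arch=c000003e syscall=257 success=no exit=-13 ppid=1000 pid=1002 auid=1000 uid=1000 comm="vi" exe="/usr/bin/vi" key="sshd_config"
type=PATH msg=audit(1700000000.250:202): item=0 name="/etc/ssh/sshd_config" inode=1234 mode=0100600 ouid=0 ogid=0
type=SYSCALL msg=audit(1700000000.300:203): arch=c000003e syscall=59 success=yes exit=0 ppid=1000 pid=1003 auid=1000 uid=1000 comm="cat" exe="/usr/bin/cat" key="exec"
type=EXECVE msg=audit(1700000000.300:203): argc=2 a0="cat" a1="/etc/hostname"
type=SYSCALL msg=audit(1700000000.400:204): arch=c000003e syscall=59 success=yes exit=0 ppid=1000 pid=1004 auid=1000 uid=1000 comm="ls" exe="/usr/bin/ls" key="exec"
type=EXECVE msg=audit(1700000000.400:204): argc=1 a0="ls"
type=USER_LOGIN msg=audit(1700000000.500:205): pid=900 uid=0 auid=1000 ses=3 msg='op=login acct="alice" exe="/usr/sbin/sshd" hostname=? addr=192.0.2.10 terminal=ssh res=failed'
"""

# key=value where the value is "quoted", 'quoted' or a bare token.
FIELD_RE = re.compile(r"(\w+)=(\"[^\"]*\"|'[^']*'|\S+)")
MSG_RE = re.compile(r"audit\((\d+\.\d+):(\d+)\)")

# Partial syscall table for arch=c000003e (x86_64); only the two numbers used above.
SYSCALL_NAMES_X86_64 = {59: "execve", 257: "openat"}


def parse_record(line):
    """Parse one audit.log line into a flat dict of field -> value."""
    fields = {}
    for key, raw in FIELD_RE.findall(line):
        if key == "msg" and raw.startswith("audit("):
            m = MSG_RE.match(raw)
            fields["_time"], fields["_serial"] = float(m.group(1)), int(m.group(2))
        elif raw.startswith("'") and raw.endswith("'"):
            # User-space records (USER_LOGIN etc.) nest a second key=value list in msg='...'
            for k, v in FIELD_RE.findall(raw[1:-1]):
                fields[k] = v.strip('"')
        else:
            fields[key] = raw.strip('"')
    return fields


def group_events(lines):
    """Group all records sharing a serial number into one event (insertion order kept)."""
    events = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = parse_record(line)
        if "_serial" in rec:
            events[rec["_serial"]].append(rec)
    return events


def exec_summary(events):
    """Like `aureport -x --summary`: executions per program, taken from EXECVE a0."""
    counts = Counter()
    for recs in events.values():
        for r in recs:
            if r.get("type") == "EXECVE":
                counts[r.get("a0", "?")] += 1
    return counts


def failed_events(events):
    """Like `aureport --failed`: serials of events reporting success=no or res=failed."""
    return [serial for serial, recs in events.items()
            if any(r.get("success") == "no" or r.get("res") == "failed" for r in recs)]


def events_touching(events, path):
    """Like `ausearch -f PATH`: serials of events with a PATH record naming that file."""
    return [serial for serial, recs in events.items()
            if any(r.get("type") == "PATH" and r.get("name") == path for r in recs)]


def describe(recs):
    """Roughly what `ausearch -i` does: render one event as a readable line."""
    sc = next((r for r in recs if r.get("type") == "SYSCALL"), None)
    if sc is None:
        return "serial %d: %s" % (recs[0]["_serial"], recs[0].get("type"))
    name = SYSCALL_NAMES_X86_64.get(int(sc["syscall"]), sc["syscall"])
    status = "ok" if sc.get("success") == "yes" else "FAILED exit=%s" % sc.get("exit")
    return "serial %d: %s by %s (auid=%s) %s" % (
        sc["_serial"], name, sc.get("comm"), sc.get("auid"), status)


if __name__ == "__main__":
    ev = group_events(SAMPLE_LOG.splitlines())
    print("executions:", dict(exec_summary(ev)))
    print("failed:", failed_events(ev))
    for serial in events_touching(ev, "/etc/ssh/sshd_config"):
        print(describe(ev[serial]))
```

The real tools also consult the audit user/group database and the running rules; this script only shows the record structure, which is what you need when shipping audit.log to a SIEM or writing your own detections against it.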