/var/log/audit/audit.log in Linux

Gaby1110 · ‎09-25-2009

Hi,

We are using auditd for the file system and file changes monitoring and are able to see the log either in /audit.log file or using the ausearch command. We woulk like to use a script or tool which can help us to find specific parameters in the log. Please find below one example and report which we would like to generate automatically.

type=PATH msg=audit(09/23/2009 03:58:50.385:263) : item=1 name=/u01/modprobe.conf inode=49156 dev=fd:02 mode=file,644 ouid=root ogid=root rdev=00:00
type=PATH msg=audit(09/23/2009 03:58:50.385:263) : item=0 name=/u01/ inode=2 dev=fd:02 mode=dir,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(09/23/2009 03:58:50.385:263) : cwd=/etc
type=SYSCALL msg=audit(09/23/2009 03:58:50.385:263) : arch=x86_64 syscall=open success=yes exit=4 a0=14a9ada0 a1=41 a2=81a4 a3=0 items=2 ppid=7524 pid=8533 a
uid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=21 comm=cp exe=/bin/cp key=u0dir

Manual analysis:-
Audit log time : 09/23/2009 03:58:50.385:263
User: root
Group:root
File Name: modprobe.conf
PATH:/u01
CWD:/etc
Arch: x86_64
Success: Yes
Command: cp
Command Path:/bin/cp
Details: Copied file from /etc to /u01

Thanks
Gaby

Ivan Ferreira · ‎09-25-2009

Plase see this link, it may help:

http://people.redhat.com/sgrubb/audit/visualize/index.html

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

/var/log/audit/audit.log in Linux

/var/log/audit/audit.log in Linux

Re: /var/log/audit/audit.log in Linux