Linux Auditd app for Splunk

F Rafi farhanible at gmail.com
Thu Mar 31 05:01:10 UTC 2016


"I've turned SELinux off ... and as per Dan Walsh that's a bad thing."
Love it.

Some questions.

1. For the Severe Events panel: Where is the severity coming from? The
auditd logs don't show a severity rating.

2. AUID to username mapping: How are you doing this? Via tty logs or
fetching passwd file contents somehow?

Thanks,
Farhan

On Wed, Mar 30, 2016 at 8:46 PM, Steve Grubb <sgrubb at redhat.com> wrote:

> Hello,
>
> On Wednesday, March 30, 2016 10:34:39 PM Douglas Brown wrote:
> > This week I released version 2 of the Linux Auditd app for Splunk:
> > https://splunkbase.splunk.com/app/2642/
>
> > Be sure to let me know if you have any suggestions for improvements.
>
> Thanks for posting this. It's good to see utilities like this supporting the
> audit daemon.
>
> If anyone else has plugins to logging frameworks, reports, helpful scripts,
> etc., feel free to post a notice about them. We are sort of working on a
> new home for the audit system at github and can probably dedicate a page to
> related and helpful projects.
>
> -Steve
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>
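As an added example for question 2 above (this is not code from the Splunk app, from the audit project, or from anyone in the thread), the following Python shows one way to do the AUID-to-username mapping: resolve the auid field of native auditd records against passwd-format data. The audit records and passwd lines are constructed for the example. The one non-obvious fact it relies on is that auditd writes 4294967295 (the unsigned form of -1) for auid when no login uid has been set on the task, such as for cron jobs or services started at boot. The sample also shows why auid is the field worth mapping: in the first record uid and euid are 0 because the user ran a command through sudo, but auid still identifies the human who logged in.

```python
"""Resolve auditd auid fields to usernames from passwd-format data.

Added example for the thread above; not code from the Splunk app or the
audit project. The log records and passwd lines are constructed.
"""
import re
from typing import Dict, List, Optional

# Constructed passwd contents (not a real system's file).
PASSWD_TEXT = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

# Value auditd writes for auid when no login uid has been set on the task,
# e.g. for services started at boot or cron jobs. Unsigned form of -1.
AUID_UNSET = 4294967295

# Constructed audit records in the native auditd key=value format.
SAMPLE_RECORDS = [
    # alice logged in (auid=1000), then ran a command as root via sudo:
    # uid/euid are 0, but auid still identifies the person behind the session.
    'type=SYSCALL msg=audit(1459400000.123:456): arch=c000003e syscall=59 '
    'success=yes exit=0 ppid=2101 pid=2102 auid=1000 uid=0 gid=0 euid=0 '
    'suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="cat" '
    'exe="/bin/cat" key="shadow-access"',
    # A cron job: no login session, so auid carries the unset sentinel.
    'type=SYSCALL msg=audit(1459400060.789:457): arch=c000003e syscall=2 '
    'success=yes exit=3 ppid=1 pid=900 auid=4294967295 uid=0 gid=0 euid=0 '
    'suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 '
    'comm="cron" exe="/usr/sbin/cron" key=(null)',
]

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
_MSG = re.compile(r'audit\((\d+\.\d+):(\d+)\)')


def parse_passwd(text: str) -> Dict[int, str]:
    """Build a uid -> username map from passwd-format text."""
    uid_map: Dict[int, str] = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 3:
            continue
        uid_map[int(parts[2])] = parts[0]
    return uid_map


def parse_record(line: str) -> Dict[str, str]:
    """Split one auditd record into its key=value fields.

    Quoted values (comm="cat") are returned without the quotes. The
    msg=audit(ts:serial) token is also broken out as 'timestamp' and 'serial'.
    """
    fields: Dict[str, str] = {}
    for key, val in _KV.findall(line):
        if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
            val = val[1:-1]
        fields[key] = val
    m = _MSG.search(line)
    if m:
        fields["timestamp"], fields["serial"] = m.group(1), m.group(2)
    return fields


def resolve_auid(fields: Dict[str, str], uid_map: Dict[int, str]) -> Optional[str]:
    """Username for the record's auid; 'unset' for the sentinel; the numeric
    uid as a string if passwd has no entry; None if the field is absent."""
    raw = fields.get("auid")
    if raw is None:
        return None
    auid = int(raw)
    if auid == AUID_UNSET:
        return "unset"
    return uid_map.get(auid, str(auid))


def summarize(records: List[str], passwd_text: str) -> List[Dict[str, str]]:
    """Annotate each record with the resolved login user and effective uid."""
    uid_map = parse_passwd(passwd_text)
    out: List[Dict[str, str]] = []
    for line in records:
        f = parse_record(line)
        out.append({
            "serial": f.get("serial", ""),
            "login_user": resolve_auid(f, uid_map) or "",
            "uid": f.get("uid", ""),
            "comm": f.get("comm", ""),
            "key": f.get("key", ""),
        })
    return out


if __name__ == "__main__":
    for row in summarize(SAMPLE_RECORDS, PASSWD_TEXT):
        print(row)
```

In a real deployment the passwd data would come from the monitored host (or a lookup table built from it), since uids differ between machines; the sentinel and the auid-versus-uid distinction are the same everywhere. Note also that nothing in the parsed record is a severity field, which is consistent with the observation in question 1 that auditd itself emits no severity rating.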