Linux Fundamentals

Log Scanning


Last updated 11 months ago

Log scanning is beneficial both for troubleshooting service errors and for searching for malicious activity.

Logwatch is an excellent tool for this purpose. One can refer to the linked page to learn it.

auditd is the daemon that must be installed for this purpose. One can refer to the linked page to learn more. aureport is used to generate reports, ausearch is used to search within the logs collected by auditd, and auditctl is used to configure the log collection rules.

Note: first check the locale's date format with the command date '+%x', then pass the start and end dates to ausearch in that same format:

ausearch -ts <locale-date-format> -te <locale-date-format>
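The following is an added example (it is not part of the original notes and not code from the auditd project) showing the workflow the notes describe: auditctl tags events with a rule key, ausearch retrieves them by key or by a locale-formatted time window, and aureport summarises them. Because ausearch and aureport only exist on a host running auditd, the script carries a constructed sample of audit.log records and two small awk scanners (events_by_key, failed_logins) that stand in for `ausearch -k` and `aureport --auth --failed` offline; the ausearch_window function builds the -ts/-te pair from epoch seconds using `date +%x`, so the locale format is never typed by hand (GNU `date -d` is assumed). The rule key names, accounts and addresses are made up.

```sh
#!/bin/sh
# Added example, not from the original notes. Assumptions: auditd, auditctl,
# ausearch and aureport exist only on the live host; the records below are a
# constructed sample shaped like /var/log/audit/audit.log entries.
set -eu

# Constructed sample records. auditd stamps every record with
# msg=audit(EPOCH.MS:SERIAL); records sharing a serial belong to one event.
# The key="..." values come from rules such as:
#   auditctl -w /etc/passwd -p wa -k passwd_changes
#   auditctl -w /etc/shadow -p r  -k shadow_access
sample_audit_log() {
  cat <<'EOF'
type=SYSCALL msg=audit(1700000000.100:101): arch=c000003e syscall=257 success=yes exit=3 uid=0 auid=1000 key="passwd_changes"
type=PATH msg=audit(1700000000.100:101): item=0 name="/etc/passwd" nametype=NORMAL
type=SYSCALL msg=audit(1700000010.300:103): arch=c000003e syscall=257 success=no exit=-13 uid=1001 auid=1001 key="shadow_access"
type=PATH msg=audit(1700000010.300:103): item=0 name="/etc/shadow" nametype=NORMAL
type=USER_LOGIN msg=audit(1700000020.500:104): pid=900 uid=0 auid=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" addr=198.51.100.7 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1700000025.700:105): pid=910 uid=0 auid=1000 msg='op=login acct="alice" exe="/usr/sbin/sshd" addr=198.51.100.8 terminal=ssh res=success'
EOF
}

# Offline stand-in for `ausearch -k KEY`: print "serial auid success" for every
# SYSCALL record tagged with the rule key. auid (the login uid) survives su/sudo,
# which is why it, not uid, identifies who acted.
events_by_key() {
  key=$1
  sample_audit_log | awk -v k="key=\"$key\"" '
    $1 == "type=SYSCALL" && index($0, k) {
      a = ""; s = ""
      split($2, m, /[(:)]/)            # msg=audit(EPOCH.MS:SERIAL): -> m[3] is SERIAL
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^auid=/)    a = substr($i, 6)
        if ($i ~ /^success=/) s = substr($i, 9)
      }
      print m[3], a, s
    }'
}

# Offline stand-in for `aureport --auth --failed`: print "account address" for
# each USER_LOGIN record whose result is failed.
failed_logins() {
  sample_audit_log | awk '
    $1 == "type=USER_LOGIN" && /res=failed/ {
      acct = ""; addr = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^acct=/) { acct = $i; sub(/^acct="/, "", acct); sub(/"$/, "", acct) }
        if ($i ~ /^addr=/) addr = substr($i, 6)
      }
      print acct, addr
    }'
}

# ausearch expects -ts/-te in the locale's `date +%x` form; derive both ends of
# the window from epoch seconds so the format always matches the locale.
ausearch_window() {
  start=$(date -d "@$1" '+%x %H:%M:%S')
  end=$(date -d "@$2" '+%x %H:%M:%S')
  printf 'ausearch -ts %s -te %s\n' "$start" "$end"
}

# Stand-alone run: `sh script.sh demo`. With auditd present the real, read-only
# search commands run (-i interprets uids and syscall numbers); otherwise the
# constructed sample is scanned so the logic can be exercised anywhere.
if [ "${1:-}" = "demo" ]; then
  if command -v ausearch >/dev/null 2>&1; then
    ausearch -k passwd_changes -i
    aureport --auth --failed
  else
    echo "passwd_changes events (serial auid success):"; events_by_key passwd_changes
    echo "failed logins (account address):";             failed_logins
    echo "window command for the first day of 1970 UTC:"
    TZ=UTC ausearch_window 0 86399
  fi
fi
```

The point of keying events with `auditctl -k` is visible in events_by_key: a search by key returns the write to /etc/passwd and the denied read of /etc/shadow immediately, without filtering on file names or syscall numbers, and the auid field tells you which logged-in user was behind the action even if it ran under sudo.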
