Educause Security Discussion mailing list archives
Linux Auditd Logging
From: "Doggendorf, Michael" <md () BUFFALO EDU>
Date: Mon, 22 Jun 2020 19:35:37 +0000
Hello all,

We are currently bringing in our Windows Security Event Logs from our Windows Servers into our Splunk SIEM for monitoring and auditing purposes. We have created a GPO with specific types of events to monitor that has been applied to these servers to ensure that everything we need from the Security Event logs is properly logged.

We want to do the same sort of security log standardization with our Linux server logs for pulling into Splunk using Auditd. Do any of you have any good resources we could use to develop the standard audit.rules files we will need, or would you be willing to share some of your audit.rules files?

Thanks!

Michael Doggendorf
Senior Information Security Analyst
Information Security Office
University at Buffalo