Educause Security Discussion mailing list archives

Linux Auditd Logging


From: "Doggendorf, Michael" <md () BUFFALO EDU>
Date: Mon, 22 Jun 2020 19:35:37 +0000

Hello all,

We are currently bringing in our Windows Security Event Logs from our Windows Servers into our Splunk SIEM for 
monitoring and auditing purposes. We have created a GPO with specific types of events to monitor that has been applied 
to these servers to ensure that everything we need from the Security Event logs is properly logged.

We want to do the same sort of security log standardization with our Linux server logs for pulling into Splunk using 
Auditd.

Do any of you have any good resources we could use to develop the standard audit.rules files we will need, or would you 
be willing to share some of your audit.rules files?

Thanks!

Michael Doggendorf
Senior Information Security Analyst
Information Security Office
University at Buffalo


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

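As a starting point for the kind of standard audit.rules file the post asks about, here is an added example; it is not from the post or from any list member's shared rules. It writes a baseline rule set in auditctl syntax covering the categories a security team usually wants in a SIEM (identity files, sudo and PAM configuration, commands run with a changed effective uid, kernel module loading, time changes, denied file access by real users, cron, and tampering with auditd itself), and it checks that every rule carries a -k key, because key=... is the field you will pivot on in Splunk. The destination path /etc/audit/rules.d/50-security.rules, the key names, the auid>=1000 threshold, and the function names are this example's own assumptions, not a vendor or CIS standard.

```shell
#!/bin/sh
# Added example, not from the original post: a baseline audit.rules for Linux servers
# whose /var/log/audit/audit.log is forwarded to Splunk, plus a key check.
# Paths, key names and thresholds are this example's assumptions; adjust to your estate.

# write_security_rules FILE: write the baseline rule set to FILE (auditctl syntax).
write_security_rules() {
    cat > "$1" <<'EOF'
## Flush existing rules, size the kernel backlog, log (not panic) if it overflows
-D
-b 8192
-f 1

## Identity, authentication and privilege configuration
-w /etc/passwd -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/group -p wa -k identity
-w /etc/gshadow -p wa -k identity
-w /etc/sudoers -p wa -k privesc_config
-w /etc/sudoers.d/ -p wa -k privesc_config
-w /etc/pam.d/ -p wa -k pam_config
-w /etc/ssh/sshd_config -p wa -k sshd_config

## Commands run with an effective uid different from the real uid (sudo, su, setuid binaries).
## Keep the b32 lines: a 32-bit binary uses a different syscall table and bypasses b64-only rules.
-a always,exit -F arch=b64 -S execve -C uid!=euid -F auid!=unset -k privesc
-a always,exit -F arch=b32 -S execve -C uid!=euid -F auid!=unset -k privesc

## Kernel module loading and unloading
-a always,exit -F arch=b64 -S init_module,finit_module,delete_module -k modules
-a always,exit -F arch=b32 -S init_module,finit_module,delete_module -k modules
-w /etc/modprobe.d/ -p wa -k modules

## System time changes (silently break log correlation if not caught)
-a always,exit -F arch=b64 -S adjtimex,settimeofday,clock_settime -k time_change
-a always,exit -F arch=b32 -S adjtimex,settimeofday,clock_settime,stime -k time_change
-w /etc/localtime -p wa -k time_change

## Denied file access by logged-in users (auid>=1000: real users; auid!=unset: skip daemons).
## Older auditctl versions that reject "unset" need -F auid!=4294967295 instead.
-a always,exit -F arch=b64 -S open,openat,creat,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -k access_denied
-a always,exit -F arch=b64 -S open,openat,creat,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -k access_denied

## Scheduled tasks
-w /etc/crontab -p wa -k cron
-w /etc/cron.d/ -p wa -k cron
-w /var/spool/cron/ -p wa -k cron

## Tampering with the audit subsystem itself
-w /etc/audit/ -p wa -k audit_config
-w /var/log/audit/ -k audit_log
-w /sbin/auditctl -p x -k audit_tools
-w /sbin/auditd -p x -k audit_tools

## Lock the rules until reboot; must be the last line
-e 2
EOF
}

# check_rule_keys FILE: succeed only if every -w / -a rule in FILE has a -k key.
# Unkeyed rules still log, but their events cannot be selected by key=... in Splunk.
check_rule_keys() {
    missing=$(grep -E '^-(w|a) ' "$1" | grep -vE -- ' -k [A-Za-z0-9_-]+' || true)
    if [ -n "$missing" ]; then
        printf 'rules without a key:\n%s\n' "$missing" >&2
        return 1
    fi
    return 0
}

# install_rules FILE: copy into rules.d and rebuild/load with augenrules (root only).
# Because of -e 2, a loaded rule set cannot be changed again until the host reboots.
install_rules() {
    dest=/etc/audit/rules.d/50-security.rules   # assumed location
    if [ "$(id -u)" -ne 0 ]; then
        echo "run as root to install to $dest" >&2
        return 1
    fi
    install -m 0640 "$1" "$dest" && augenrules --load
}

# Usage: generate to a temp file and check it; call install_rules on the file as root.
tmp=$(mktemp) && write_security_rules "$tmp" && check_rule_keys "$tmp" && echo "rules OK: $tmp"
```

Two things worth knowing before rolling this out by configuration management the way the Windows GPO is applied: syscall rules are evaluated in order and the first match wins, so any "never" exclusions belong above the "always" rules, and once -e 2 has been loaded the rules are immutable until reboot, so test the file on a non-production host first. The audit package itself also ships sample rule sets (STIG, PCI-DSS, OSPP profiles) that are a reasonable baseline to compare against; on audit 3.x they are usually under /usr/share/audit/sample-rules.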