"I've turned SELinux off ... and as per Dan Walsh that's a bad thing."
Love it.
Some questions.
1. For the Severe Events panel: Where is the severity coming from? The
auditd logs don't show a severity rating.
2. AUID to username mapping: How are you doing this? Via tty logs or
fetching passwd file contents somehow?
Thanks,
Farhan
On Wed, Mar 30, 2016 at 8:46 PM, Steve Grubb <sgrubb(a)redhat.com> wrote:
Hello,
On Wednesday, March 30, 2016 10:34:39 PM Douglas Brown wrote:
> This week I released version 2 of the Linux Auditd app for Splunk:
>
> https://splunkbase.splunk.com/app/2642/
> Be sure to let me know if you have any suggestions for improvements.
Thanks for posting this. It's good to see utilities like this supporting the
audit daemon.
If anyone else has plugins to logging frameworks, reports, helpful scripts,
etc... feel free to post a notice about them. We are sort of working on a new
home for the audit system at github and can probably dedicate a page to
related and helpful projects.
-Steve
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
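Farhan's second question, mapping the numeric AUID in audit records to a login name, as an added example that is not from the Splunk app or from anyone in this thread: it parses constructed raw auditd records, resolves auid against an embedded passwd-format snippet (the "fetching passwd file contents" route), and keeps the unset value 4294967295 visible so boot-time daemons are not attributed to a real user. All account names and records are constructed samples.

```python
import re
# Constructed /etc/passwd snippet (sample accounts, not a real system).
PASSWD_SAMPLE = """root:x:0:0:root:/root:/bin/bash
farhan:x:1000:1000:Farhan:/home/farhan:/bin/bash
backup-svc:x:1001:1001::/var/lib/backup:/sbin/nologin
"""
# Constructed auditd records in the raw key=value wire format.
AUDIT_SAMPLE = [
    'type=USER_CMD msg=audit(1459383600.123:4521): pid=2211 uid=1000 auid=1000 ses=3 '
    'msg=\'cwd="/home/farhan" cmd=73797374656D63746C terminal=pts/0 res=success\'',
    'type=SYSCALL msg=audit(1459383601.456:4522): arch=c000003e syscall=2 success=no '
    'exit=-13 ppid=1 pid=2300 auid=4294967295 uid=0 key="secrets"',
    'type=SYSCALL msg=audit(1459383602.789:4523): arch=c000003e syscall=59 success=yes '
    'exit=0 ppid=2211 pid=2400 auid=1001 uid=0 key=(null)',
]
UNSET_AUID = 4294967295  # (uint32)-1: loginuid never set, e.g. boot-time daemons
KV_RE = re.compile(r"(\w+)=(\"[^\"]*\"|'[^']*'|\S+)")
ID_RE = re.compile(r"msg=audit\(\d+\.\d+:(\d+)\)")

def load_passwd(text):
    # uid -> username; tolerate blank or malformed lines
    uid_to_name = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            uid_to_name[int(fields[2])] = fields[0]
    return uid_to_name

def parse_record(line):
    # Top-level key=value fields; a nested msg='...' stays one opaque value.
    fields = {k: v.strip("\"'") for k, v in KV_RE.findall(line)}
    m = ID_RE.search(line)
    fields["_serial"] = int(m.group(1)) if m else None
    return fields

def resolve_auid(auid, uid_to_name):
    # Keep unset and unknown ids visible rather than silently dropping them.
    if auid == UNSET_AUID:
        return "unset"
    return uid_to_name.get(auid, "uid:%d" % auid)

def enrich(lines, passwd_text):
    # (serial, type, auid, login name) per record: the lookup a SIEM panel needs
    uid_to_name = load_passwd(passwd_text)
    out = []
    for line in lines:
        f = parse_record(line)
        if "auid" in f:
            auid = int(f["auid"])
            out.append((f["_serial"], f["type"], auid, resolve_auid(auid, uid_to_name)))
    return out
```

On a live host the same lookup can be done with `pwd.getpwuid`, but a snapshot of passwd shipped with the logs keeps the mapping stable when accounts are later removed or renumbered.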