Hi all. I've been lurking around, listening for things I can use... but I'm not where you guys are at in terms of auditing. I still have a requirement, however.

So, help me to understand a very basic functioning of Linux (I imagine it's basic).

In a standalone system:

How in the world do I capture, create and save human-readable reports and then clear audit logs?

Which BASIC /var/log should every accidental sysad (like myself) be capturing?

I know where to put the audit rules, but at this point, I'm just sort of following instructions for that without any real sense of understanding. The farthest I've gotten is -w means watch.

If you guys would take a moment to ask such a rudimentary question, I might be able to move past go.

Thank you for your time.

Margaret M. Sanders

SwRI ISSO/ATA
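Added example, not part of the post above: a small Python parser that does, on constructed sample records, roughly what ausearch and aureport do with /var/log/audit/audit.log, namely group records by their msg=audit(epoch:serial) stamp and print one readable line per event under the rule key that caught it, which is why the -k key on a -w watch rule matters. The sample lines, key names, paths and user ids are constructed for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample records in the format auditd writes to /var/log/audit/audit.log
# (not taken from the post). Every record of one event shares the same
# msg=audit(<epoch>.<ms>:<serial>) stamp; a watch rule such as
#   -w /etc/passwd -p wa -k passwd_changes
# stamps matching events with key="passwd_changes".
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1364481363.243:24287): arch=c000003e syscall=2 success=no exit=-13 items=1 pid=3538 auid=1000 uid=1000 comm="cat" exe="/bin/cat" key="passwd_changes"
type=PATH msg=audit(1364481363.243:24287): item=0 name="/etc/passwd" inode=409248 mode=0100644
type=SYSCALL msg=audit(1364481400.101:24290): arch=c000003e syscall=2 success=yes exit=3 items=1 pid=3560 auid=1000 uid=0 comm="vi" exe="/usr/bin/vi" key="passwd_changes"
type=PATH msg=audit(1364481400.101:24290): item=0 name="/etc/passwd" inode=409248 mode=0100644
type=SYSCALL msg=audit(1364481450.500:24295): arch=c000003e syscall=2 success=yes exit=3 items=1 pid=3601 auid=0 uid=0 comm="sshd" exe="/usr/sbin/sshd" key="sshd_config"
type=PATH msg=audit(1364481450.500:24295): item=0 name="/etc/ssh/sshd_config" inode=41210 mode=0100600
"""

STAMP_RE = re.compile(r"msg=audit\((\d+)\.\d+:(\d+)\)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_audit_log(text):
    """Group raw records into events by serial; the first value seen for a field wins."""
    events = {}
    for line in text.splitlines():
        stamp = STAMP_RE.search(line)
        if not stamp:
            continue  # not an audit record
        epoch, serial = int(stamp.group(1)), int(stamp.group(2))
        ev = events.setdefault(serial, {"time": epoch, "records": []})
        ev["records"].append(line.split()[0][len("type="):])  # SYSCALL, PATH, ...
        for name, value in FIELD_RE.findall(line):
            ev.setdefault(name, value.strip('"'))
    return events


def report(events):
    """Render one human-readable line per event, grouped by the rule key that caught it."""
    by_key = defaultdict(list)
    for ev in sorted(events.values(), key=lambda e: e["time"]):
        by_key[ev.get("key", "(no key)")].append(ev)
    lines = []
    for key, evs in sorted(by_key.items()):
        lines.append(f"rule key {key}: {len(evs)} event(s)")
        for ev in evs:
            when = datetime.fromtimestamp(ev["time"], tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
            lines.append(f"  {when}Z auid={ev.get('auid')} uid={ev.get('uid')} "
                         f"{ev.get('exe')} -> {ev.get('name')} success={ev.get('success')}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(parse_audit_log(SAMPLE_LOG))))
```

On a real system the equivalent is `ausearch -k passwd_changes -i` (the -i turns uids and syscall numbers into names) and `aureport --summary`; auid is the login user, so it survives su or sudo. Once a report is saved, auditd rotates the raw log itself according to max_log_file_action in auditd.conf, or on demand with `service auditd rotate`, so the old file is kept rather than truncated.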