Return to Question

Minor formatting, fix typos, add tag

Source Link

edited Jul 23, 2024 at 12:54

23.6k
25
55
77

Im trying to monitor the start and stop of processes on a server with auditdauditd, using the following rule

-w /usr/bin/ -p x -k T1569.002

-w /usr/bin/ -p x -k T1569.002

howeverHowever, when raising an event to generate the log and searching it whit ausearchwith ausearch, the only log it fibdsfinds is the addition of the rule.

Im trying to monitor the start and stop of processes on a server with auditd, using the following rule

-w /usr/bin/ -p x -k T1569.002

however, when raising an event to generate the log and searching it whit ausearch, the only log it fibds is the addition of the rule.

Im trying to monitor the start and stop of processes on a server with auditd, using the following rule

-w /usr/bin/ -p x -k T1569.002

However, when raising an event to generate the log and searching it with ausearch, the only log it finds is the addition of the rule.

logs linux-audit

Source Link

asked Jul 19, 2024 at 21:16

David Pérez

Monitoring start and stop processes

Im trying to monitor the start and stop of processes on a server with auditd, using the following rule

-w /usr/bin/ -p x -k T1569.002

however, when raising an event to generate the log and searching it whit ausearch, the only log it fibds is the addition of the rule.

linux-audit