Hi,
I have 20 Linux servers in the network. Is there a way to audit all Linux clients using a centralized server? For example, what commands are run by John on Linuxnode1? Steve on Linuxnode15? and so on and so forth to track user activity. Which files have been modified or edited or commands etc...... by the users.
I have installed auditd, but it is local to the Linux server. Thanks in advance.
Best Regards,
Kaushal
What do you mean by "I have installed auditd, but it is local to the Linux server" ?
@ylasri Is there a way to push all audit logs to an Elastic Stack?. I am running Audit daemon on Centos by referring to Linux System Monitoring and More with Auditd - Linux.com
Please suggest. Thanks in advance.
Best Regards,
Kaushal
You could use auditbeat to collect the logs and send it to elasticsearch.
You can follow the documentation on how to install and configure here.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.