Auditing all Linux clients with centralised server

Hi,

I have 20 Linux servers in the network. Is there a way to audit all Linux clients using a centralized server? For example, what commands are run by John on Linuxnode1? Steve on Linuxnode15? and so on and so forth to track user activity. Which files have been modified or edited or commands etc...... by the users.

I have installed auditd, but it is local to the Linux server. Thanks in advance.

Best Regards,

Kaushal

What do you mean by "I have installed auditd, but it is local to the Linux server" ?

@ylasri Is there a way to push all audit logs to an Elastic Stack?. I am running Audit daemon on Centos by referring to Linux System Monitoring and More with Auditd - Linux.com

Please suggest. Thanks in advance.

Best Regards,

Kaushal

You could use auditbeat to collect the logs and send it to elasticsearch.

You can follow the documentation on how to install and configure here.