[Gllug] auditctl

Simon Morris mozrat at gmail.com
Wed Aug 5 09:01:08 UTC 2009


Hello GLLUG,

I'm reading the man page for auditctl and would appreciate any tips or
tricks with file system auditing.

Basically I'm track to track 'mysterious' file deletions from a RHEL5
server - almost certainly a case of users accidentally deleting the file
and then blaming the IT gremlins.

What's the best way to use auditctl - I plan to ship the audit events to
a Splunk server using syslog.

Thanks

~sm

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list