Comments on: A Brief Introduction to auditd
http://security.blogoverflow.com/2013/01/a-brief-introduction-to-auditd/
The Security Stack Exchange Blog
Sat, 06 Feb 2016 05:11:22 +0000

By: Dwight Spencer
http://security.blogoverflow.com/2013/01/a-brief-introduction-to-auditd/#comment-499574
Sun, 07 Jun 2015 20:09:07 +0000

A central logging system is going to fit this use case. Logstash, Logentries and Splunk all give a great user experience and have powerful querying languages.

However, I would encourage one to use logstash/elasticsearch since the free versions of Splunk and Logentries do have several caveats when going over data storage or bandwidth restrictions.

Also, one can utilize fluentd and collectd+statsd+grafana with logstash and get a better picture of what is going on with one's environment footprint. With fluentd one can even create actionable agents based on the alerts to perform basic procedural administrative tasks via arbitrary executables (i.e., kill long running tasks, null route DDoS, launch additional running virtual instances in one's cloud).

By: tdurden
http://security.blogoverflow.com/2013/01/a-brief-introduction-to-auditd/#comment-499128
Wed, 03 Jun 2015 16:49:38 +0000

Splunk is $$, try Graylog2.

By: Bob Cat
http://security.blogoverflow.com/2013/01/a-brief-introduction-to-auditd/#comment-491435
Wed, 25 Mar 2015 11:22:28 +0000

Have you tried the Linux Auditd app for Splunk? https://splunkbase.splunk.com/app/2642/

By: Jason
http://security.blogoverflow.com/2013/01/a-brief-introduction-to-auditd/#comment-154065
Thu, 12 Sep 2013 13:36:34 +0000

Nice quick overview of auditd. Are there any good open source reporting tools out there for monitoring the logs across many servers? I'm thinking either a dashboard or daily email with changed files. It'd also be nice to cross-check with puppet reports to see that a file was changed intentionally. If not, then I'm considering rolling my own using logstash and elasticsearch.
