Linux audit (8): searching the audit log file with ausearch

The ausearch tool searches the audit log file for the events you specify. By default, ausearch searches /var/log/audit/audit.log.

The ausearch utility allows you to search Audit log files for specific events. By default, ausearch searches the /var/log/audit/audit.log file. You can specify a different file with the -if file_name option. Supplying multiple options in one ausearch command is equivalent to using the AND operator between field types and the OR operator between multiple instances of the same field type (for example, repeating -m).

     Using ausearch to Search Audit Log Files

    To search the /var/log/audit/audit.log file for failed login attempts, use the following command:
    ~]# ausearch --message USER_LOGIN --success no --interpret
    To search for all account, group, and role changes, use the following command:
    ~]# ausearch -m ADD_USER -m DEL_USER -m ADD_GROUP -m USER_CHAUTHTOK -m DEL_GROUP -m CHGRP_ID -m ROLE_ASSIGN -m ROLE_REMOVE -i
    To search for all logged actions performed by a certain user, use the following command. Note that -ua (--uid-all) matches a record if any of its user ID fields (auid, uid, or euid) equals 1000; to match on the login ID (auid) alone, use -ul 1000 instead:
    ~]# ausearch -ua 1000 -i
    To search for all failed system calls from yesterday up until now, use the following command:
    ~]# ausearch --start yesterday --end now -m SYSCALL -sv no -i
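To make the AND/OR rule concrete, the following is an added example, not code from the original post and not part of ausearch or audit-userspace. It parses a handful of constructed raw audit.log records (fictitious timestamps, pids and addresses) and applies the same filters as the four commands above: event types repeated with -m are OR'd, while the type, outcome, login ID and time-window filters are AND'd together. Times are taken as epoch seconds rather than keywords such as "yesterday", and the login-ID filter models -ul (auid only) rather than -ua. It is useful for checking what a given ausearch query would match when the raw records have been shipped off the host and ausearch is not at hand.

```python
"""Added example: an offline model of ausearch's filter semantics.

Not ausearch and not part of audit-userspace. Parses a few constructed
raw audit.log records and applies the AND/OR filter rules described in
the text, so each of the commands above can be checked against known input.
"""
import re

# Constructed sample records in raw audit.log syntax (timestamps, pids and
# addresses are fictitious; this is not a capture from a real system).
SAMPLE_LOG = """
type=USER_LOGIN msg=audit(1700000000.100:101): pid=2201 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=192.0.2.10 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1700000060.200:102): pid=2202 uid=0 auid=1000 ses=5 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=192.0.2.20 terminal=/dev/pts/0 res=success'
type=ADD_USER msg=audit(1700000120.300:103): pid=2300 uid=0 auid=1000 ses=5 msg='op=add-user id=1001 exe="/usr/sbin/useradd" hostname=? addr=? terminal=pts/0 res=success'
type=SYSCALL msg=audit(1700000180.400:104): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffc3a2c4f60 a2=0 a3=0 items=1 ppid=2400 pid=2401 auid=1000 uid=1000 gid=1000 euid=1000 ses=5 comm="cat" exe="/usr/bin/cat" key="etc-shadow"
type=SYSCALL msg=audit(1700000240.500:105): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffc3a2c4f60 a2=0 a3=0 items=1 ppid=2400 pid=2402 auid=1000 uid=0 gid=0 euid=0 ses=5 comm="cat" exe="/usr/bin/cat" key="etc-shadow"
type=USER_CHAUTHTOK msg=audit(1700000300.600:106): pid=2500 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:chauthtok grantors=pam_unix acct="svc" exe="/usr/bin/passwd" hostname=? addr=? terminal=? res=success'
"""

HEADER_RE = re.compile(
    r"^type=(?P<type>\w+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$")
# One key=value pair: single-quoted, double-quoted, or bare value.
FIELD_RE = re.compile(r"""(\w+)=('[^']*'|"[^"]*"|\S+)""")

UNSET_AUID = 4294967295  # auid of processes with no login session ("unset" under -i)


def parse_fields(body):
    """Flatten key=value pairs, descending into a nested msg='...' block."""
    fields = {}
    for key, raw in FIELD_RE.findall(body):
        if raw.startswith("'") and raw.endswith("'"):
            fields.update(parse_fields(raw[1:-1]))
        else:
            fields[key] = raw.strip('"')
    return fields


def parse_record(line):
    """Return one record as a dict, or None if the line is not an audit record."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    rec = {"type": m["type"], "time": float(m["ts"]), "serial": int(m["serial"])}
    rec.update(parse_fields(m["body"]))
    # SYSCALL records carry success=yes/no; user-space records carry
    # res=success/failed. ausearch -sv matches both, so normalise to yes/no.
    if "success" not in rec and rec.get("res") in ("success", "failed"):
        rec["success"] = "yes" if rec["res"] == "success" else "no"
    return rec


def search(records, types=(), success=None, auid=None, start=None, end=None):
    """ausearch's combination rule: the values in `types` are OR'd (like a
    repeated -m), while the different keyword filters are AND'd together."""
    hits = []
    for r in records:
        if types and r["type"] not in types:
            continue
        if success is not None and r.get("success") != success:
            continue
        if auid is not None and int(r.get("auid", UNSET_AUID)) != auid:
            continue
        if start is not None and r["time"] < start:
            continue
        if end is not None and r["time"] > end:
            continue
        hits.append(r)
    return hits


RECORDS = [r for r in map(parse_record, SAMPLE_LOG.strip().splitlines()) if r]

# The account, group and role change types from the second command above.
ACCOUNT_CHANGE_TYPES = {"ADD_USER", "DEL_USER", "ADD_GROUP", "USER_CHAUTHTOK",
                        "DEL_GROUP", "CHGRP_ID", "ROLE_ASSIGN", "ROLE_REMOVE"}


def failed_logins(records=RECORDS):
    """Equivalent of: ausearch -m USER_LOGIN --success no"""
    return search(records, types={"USER_LOGIN"}, success="no")


def account_changes(records=RECORDS):
    """Equivalent of: ausearch -m ADD_USER -m DEL_USER ... -m ROLE_REMOVE"""
    return search(records, types=ACCOUNT_CHANGE_TYPES)


def actions_by_auid(auid, records=RECORDS):
    """Equivalent of: ausearch -ul AUID (login ID only; -ua also matches uid/euid)"""
    return search(records, auid=auid)


def failed_syscalls(start, end=None, records=RECORDS):
    """Equivalent of: ausearch --start S --end E -m SYSCALL -sv no (S, E in epoch seconds)"""
    return search(records, types={"SYSCALL"}, success="no", start=start, end=end)


if __name__ == "__main__":
    for r in failed_logins():
        print(f"failed login: serial={r['serial']} acct={r.get('acct')} from {r.get('addr')}")
    print("account changes:", [r["serial"] for r in account_changes()])
    print("auid 1000:", [r["serial"] for r in actions_by_auid(1000)])
    print("failed syscalls since 1700000150:", [r["serial"] for r in failed_syscalls(1700000150.0)])
```

The normalisation in parse_record is the part worth noting: a USER_LOGIN failure is recorded as res=failed inside the nested msg='...' block, while a SYSCALL failure is the top-level success=no, and ausearch's -sv / --success treats both as the same outcome field. A detection written against only one spelling will silently miss the other.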

    For a full listing of all ausearch options, see the ausearch(8) man page.

Original article: https://www.cnblogs.com/xingmuxin/p/8872549.html