  • linux audit (9) -- Generating audit reports

    The aureport command generates summary and columnar reports from the audit log. By default every log file in the /var/log/audit directory (audit.log and its rotated copies) is queried to build the report; to report on a different file, for example a log copied from another host, pass it explicitly: aureport options -if file_name. Reading the audit logs requires root privileges.


    1. To generate a report limited to a time range (--start/--end, dates in the local date format, here MM/DD/YYYY):

    ~]# aureport --start 04/08/2013 00:00:00 --end 04/11/2013 00:00:00

    2. To generate a report of all executable file events, use the following command:

    ~]# aureport -x

    The output looks like this. The auid column is the login UID of the session that caused the event: -1 means it was never set, which is normal for daemons such as crond, and 0 is root; the event column is the audit event serial number, which can be looked up with ausearch -a.

    :~ # aureport -x
    
    Executable Report
    ====================================
    # date time exe term host auid event
    ====================================
    1. 04/18/2018 18:33:56 /usr/lib/systemd/systemd ? ? -1 4
    2. 04/18/2018 18:34:01 /usr/sbin/crond cron ? -1 5
    3. 04/18/2018 18:34:01 /usr/sbin/crond cron ? -1 6
    4. 04/18/2018 18:34:01 /usr/sbin/crond cron ? 0 8
    5. 04/18/2018 18:34:01 /usr/sbin/crond cron ? 0 9
    6. 04/18/2018 18:34:01 /usr/sbin/crond cron ? 0 10
    7. 04/18/2018 18:34:01 /usr/sbin/crond cron ? 0 11
    8. 04/18/2018 18:36:01 /usr/sbin/crond cron ? -1 12
    9. 04/18/2018 18:36:01 /usr/sbin/crond cron ? -1 13
    10. 04/18/2018 18:36:01 /usr/sbin/crond cron ? 0 15
    11. 04/18/2018 18:36:01 /usr/sbin/crond cron ? 0 16
    12. 04/18/2018 18:36:01 /usr/sbin/crond cron ? 0 17
    13. 04/18/2018 18:36:01 /usr/sbin/crond cron ? 0 18
    14. 04/18/2018 18:38:01 /usr/sbin/crond cron ? -1 19
    15. 04/18/2018 18:38:01 /usr/sbin/crond cron ? -1 20
    16. 04/18/2018 18:38:01 /usr/sbin/crond cron ? 0 22

    3. To generate a summary of the executable file event report above (event counts per executable instead of one line per event), use the following command:

    ~]# aureport -x --summary

    4. To generate a summary report of failed events for all users (-i interprets numeric IDs as user and group names), use the following command:

    ~]# aureport -u --failed --summary -i

    5. To generate a summary report of login attempts per user, use the following command; add --failed to restrict it to failed login attempts:

    ~]# aureport --login --summary -i

    6. aureport also accepts raw records on standard input, so it can report on the result of an ausearch query. For example, to summarize file access events from today for every event whose login UID is 1000:

    ~]# ausearch --start today --loginuid 1000 --raw | aureport -f --summary

    7. To generate a report of all Audit files that are queried and the time range of events each one contains, use the following command:

    ~]# aureport -t

    For a full listing of all aureport options, see the aureport(8) man page.
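    The reports above are aggregations over the same key=value records that ausearch --raw prints. The following script, an added example that is not part of the original page or of the audit package, parses a handful of constructed audit.log records (hypothetical hosts, PIDs and serial numbers) and reproduces the logic behind three of the reports: the per-executable summary of aureport -x --summary, the failed-login summary of aureport --login --failed --summary, and the --start/--end time window. It approximates what aureport counts, not its exact output layout, and for simplicity it interprets the time range as UTC, whereas the real tool uses the local time zone.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample records in raw audit.log format (hypothetical hosts, PIDs
# and serial numbers; not taken from the original page). 1524047641 is
# 04/18/2018 10:34:01 UTC.
RAW_LOG = """\
type=SYSCALL msg=audit(1524047641.501:5): arch=c000003e syscall=59 success=yes exit=0 items=2 ppid=1 pid=1201 auid=4294967295 uid=0 gid=0 euid=0 tty=(none) ses=4294967295 comm="crond" exe="/usr/sbin/crond" key=(null)
type=SYSCALL msg=audit(1524047641.612:8): arch=c000003e syscall=59 success=yes exit=0 items=2 ppid=1201 pid=1202 auid=0 uid=0 gid=0 euid=0 tty=cron ses=2 comm="crond" exe="/usr/sbin/crond" key=(null)
type=USER_LOGIN msg=audit(1524047700.001:30): pid=2001 uid=0 auid=1000 ses=3 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=203.0.113.7 addr=203.0.113.7 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1524047710.002:31): pid=2002 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=203.0.113.9 addr=203.0.113.9 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1524047712.003:32): pid=2003 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=203.0.113.9 addr=203.0.113.9 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1524047715.004:33): pid=2004 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="admin" exe="/usr/sbin/sshd" hostname=203.0.113.9 addr=203.0.113.9 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1524047716.005:34): pid=2005 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="alice" exe="/usr/sbin/sshd" hostname=203.0.113.9 addr=203.0.113.9 terminal=ssh res=failed'
type=SYSCALL msg=audit(1524047800.100:40): arch=c000003e syscall=59 success=yes exit=0 items=2 ppid=2100 pid=2101 auid=1000 uid=1000 gid=1000 euid=1000 tty=pts0 ses=3 comm="cat" exe="/usr/bin/cat" key="exec"
"""

# type=TYPE msg=audit(SECONDS.MILLIS:SERIAL): rest-of-record
RECORD_RE = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
# key=value pairs; a value is double-quoted, single-quoted (the nested msg='...') or bare
FIELD_RE = re.compile(r"""(\w+)=("[^"]*"|'[^']*'|\S+)""")

LOGIN_UID_UNSET = "4294967295"  # kernel sentinel for an unset auid; aureport prints -1


def parse_fields(body, into):
    """Fill `into` with key=value pairs, descending into msg='...' sub-records."""
    for key, value in FIELD_RE.findall(body):
        if value.startswith("'") and value.endswith("'"):
            parse_fields(value[1:-1], into)  # user-space records nest their fields here
        else:
            into[key] = value.strip('"')
    return into


def parse_records(text):
    """Turn raw audit lines into dicts with type, time (epoch float), serial and fields."""
    records = []
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if not m:
            continue
        rec = {"type": m.group(1), "time": float(m.group(2)), "serial": int(m.group(3))}
        parse_fields(m.group(4), rec)
        records.append(rec)
    return records


def auid_display(value):
    """Render auid the way aureport does: the unset sentinel becomes -1."""
    return "-1" if value == LOGIN_UID_UNSET else value


def exe_summary(records):
    """Counterpart of `aureport -x --summary`: number of events per executable."""
    return Counter(r["exe"] for r in records if "exe" in r)


def failed_login_summary(records):
    """Counterpart of `aureport --login --failed --summary`: failed logins per account.
    A failed login has no session yet, so auid is unset and the account name comes
    from acct= (or id=) inside the USER_LOGIN record; USER_AUTH failures do not count."""
    counts = Counter()
    for r in records:
        if r["type"] == "USER_LOGIN" and r.get("res") == "failed":
            counts[r.get("acct") or r.get("id") or auid_display(r.get("auid", "?"))] += 1
    return counts


def events_between(records, start, end, fmt="%m/%d/%Y %H:%M:%S"):
    """Counterpart of --start/--end. Assumption: the bounds are read as UTC; the real
    aureport interprets them in the local time zone."""
    lo = datetime.strptime(start, fmt).replace(tzinfo=timezone.utc).timestamp()
    hi = datetime.strptime(end, fmt).replace(tzinfo=timezone.utc).timestamp()
    return [r for r in records if lo <= r["time"] < hi]


def main():
    records = parse_records(RAW_LOG)
    print("Executable Summary Report")
    for exe, n in exe_summary(records).most_common():
        print(f"{n:>6}  {exe}")
    print("\nFailed Login Summary Report")
    for acct, n in failed_login_summary(records).most_common():
        print(f"{n:>6}  {acct}")
    window = events_between(records, "04/18/2018 10:35:00", "04/18/2018 10:36:00")
    print(f"\n{len(window)} events between 10:35:00 and 10:36:00 UTC on 04/18/2018")
    for r in window:
        print(f"  {r['serial']:>4} {r['type']:<11} auid={auid_display(r.get('auid', '?'))}")


if __name__ == "__main__":
    main()
```

The point worth noticing is the grouping key: on a successful login the record carries the session's auid, while on a failed one auid is still unset and only acct= names the account, which is why the failed-login summary cannot be built from auid alone.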

  • Original article: https://www.cnblogs.com/xingmuxin/p/8876145.html