Skip to content

Technical Documentations and Knowledge Base

Getting started
Getting started
- Overview
Knowledge Base
Knowledge Base
- Guides
  Guides
  - Networking
    Networking
    
    Choosing the right hostname
  - Development
    Development
    
    Style Guides
    Style Guides
    
    Bash Style Guide
    
    Dotfiles management
    
    Git
  - Linux
    Linux
    
    Troubleshooting
    Troubleshooting
    
    Can't use Docker due to insufficient rights
    
    System fails to boot and fallsback to an initramfs shell
    
    Gnome fails to lock the session
    
    Understanding the top commands' memory type fields
    
    How to monitor filesystem events with auditd How to monitor filesystem events with auditd
    Table of contents
    
    What is auditd used for ?
    
    Useful links
    
    How to read system log messages

How to monitor filesystem events with auditd

What is auditd used for ?

auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Viewing the logs is done with the ausearch or aureport utilities. Configuring the audit rules is done with the auditctl utility.

Useful links