Hi, I just wonder what kind of log events I can get from the standard configuration on Linux with envision.
Is it possible to get events on running exe-files, events on changing different files like /etc/syslog.conf etc?
With standard Linux you will get logs depending upon the facilities (logging channels) you are forwarding to envision, e.g. mail, authpriv, cron, kern, local[0-7] etc. This configuration can be defined in syslog.conf.
Most of these logs are stored in the /var/log folder:
messages file - captures system events
secure - authentication events
On linux you cannot run .exe files, these can only run on windows OS platform.
File integrity changes are not captured in standard linux logs. For this you can go for a host IDS/IPS which can log it for you but then it might not be supported by envision.
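The facility-based forwarding described in this answer can be checked directly against syslog.conf. The following is an added example, not part of the original thread: it parses classic sysklogd selector syntax and reports which of the facilities named above are sent to a remote collector. The sample configuration and the collector address 192.0.2.10 are constructed.

```python
# Constructed sample in classic sysklogd syslog.conf syntax; 192.0.2.10 is a
# placeholder collector address, not a value from the thread.
SAMPLE_CONF = """\
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
# forwarded to the collector
authpriv.*;kern.warning                     @192.0.2.10
local0.*                                    @192.0.2.10
"""

# Facilities listed in the answer above.
FACILITIES = ["mail", "authpriv", "cron", "kern"] + [f"local{i}" for i in range(8)]

def parse_rules(text):
    """Yield ([(facility, priority), ...], action) for every rule line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # malformed rule: selector without an action
        selectors = []
        for sel in parts[0].split(";"):
            facs, _, prio = sel.partition(".")
            selectors += [(fac, prio) for fac in facs.split(",")]
        yield selectors, parts[1].strip()

def remote_coverage(text):
    """Map facility -> set of (priority, host) for rules whose action is @host."""
    cover = {f: set() for f in FACILITIES}
    for selectors, action in parse_rules(text):
        if not action.startswith("@"):
            continue  # local file, pipe or user target
        host = action.lstrip("@")  # also accepts rsyslog's @@host (TCP)
        rule = {}
        for fac, prio in selectors:
            for f in (FACILITIES if fac == "*" else [fac]):
                if prio == "none":
                    rule.pop(f, None)  # "none" excludes the facility in this rule
                else:
                    rule[f] = prio
        for f, prio in rule.items():
            cover.setdefault(f, set()).add((prio, host))
    return cover

def unforwarded(text):
    """Facilities from the list above that no rule sends to a remote host."""
    cover = remote_coverage(text)
    return [f for f in FACILITIES if not cover[f]]
```

Running `unforwarded()` on the contents of the real /etc/syslog.conf shows which facilities are written only to local files and so never reach the collector.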
Sorry, I didn't mean exe files, just executions, like if I start Vi. I would like to log what a user is doing in the system; is that possible with the standard logging? And will envision get it?
This type of info can be seen in the history file, but log forwarding may be an issue.