Auditd is the userspace component of the Linux Auditing System that records kernel-level events such as system calls, file access, and user authentications. It provides a configurable ruleset to capture events relevant for compliance, intrusion detection, and forensic investigations. The audit logs are detailed and can be forwarded to centralized logging systems for correlation and long-term storage. Administrators use auditd to demonstrate compliance with regulations and to investigate suspicious activity on hosts. Proper configuration is crucial to capture meaningful events while managing performance and log volume.
Details
Deployment mode: Desktop Linux, On-premise Linux
Pricing model: Free, Open source
Training and support
Free trial available: Yes
Available trainings: No