
How to use aureport to search for events in audit log

 

Purpose: Search shutdown events
Command: ausearch -i -m system_boot,system_shutdown | tail -4

Sample output:

type=SYSTEM_SHUTDOWN msg=audit(08/31/2020 06:33:01.571:595) : pid=27156 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg=' comm=systemd-update-utmp exe=/usr/lib/systemd/systemd-update-utmp hostname=? addr=? terminal=? res=success'
----
type=SYSTEM_BOOT msg=audit(08/31/2020 06:33:12.838:9) : pid=828 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg=' comm=systemd-update-utmp exe=/usr/lib/systemd/systemd-update-utmp hostname=? addr=? terminal=? res=success'

Purpose: Search failed login attempts
Command: ausearch --message USER_LOGIN --success no --interpret

Purpose: Search for all account, group, and role changes
Command: ausearch -m ADD_USER -m DEL_USER -m ADD_GROUP -m USER_CHAUTHTOK -m DEL_GROUP -m CHGRP_ID -m ROLE_ASSIGN -m ROLE_REMOVE -i

Purpose: Search for all logged actions performed by a certain user, using the user's login ID (auid)
Command: ausearch -ua 1000 -i

Purpose: Search for all failed system calls from yesterday up until now
Command: ausearch --start yesterday --end now -m SYSCALL -sv no -i
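
The interpreted SYSTEM_BOOT / SYSTEM_SHUTDOWN records shown above can be post-processed to spot boots that have no logged shutdown before them. The following is an added example, not part of the original article: the function names are hypothetical, the third sample record is constructed, and the MM/DD/YYYY timestamp format is assumed from the output on this page.

```python
import re
from datetime import datetime

# First two records are the sample output above; the last SYSTEM_BOOT is
# constructed to show a boot with no preceding shutdown record.
SAMPLE = """\
type=SYSTEM_SHUTDOWN msg=audit(08/31/2020 06:33:01.571:595) : pid=27156 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg=' comm=systemd-update-utmp exe=/usr/lib/systemd/systemd-update-utmp hostname=? addr=? terminal=? res=success'
----
type=SYSTEM_BOOT msg=audit(08/31/2020 06:33:12.838:9) : pid=828 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg=' comm=systemd-update-utmp exe=/usr/lib/systemd/systemd-update-utmp hostname=? addr=? terminal=? res=success'
----
type=SYSTEM_BOOT msg=audit(09/02/2020 14:05:44.120:9) : pid=831 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg=' comm=systemd-update-utmp exe=/usr/lib/systemd/systemd-update-utmp hostname=? addr=? terminal=? res=success'
"""

# Record header as printed by "ausearch -i": type, timestamp, event serial.
RECORD_RE = re.compile(
    r"^type=(?P<type>\S+) msg=audit\((?P<ts>[^)]+?):(?P<serial>\d+)\) : (?P<body>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_records(text):
    """Turn interpreted audit lines into dicts; separators are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue  # "----" separators and blank lines
        # Strip the quotes around the nested msg='...' so its fields parse too.
        fields = dict(FIELD_RE.findall(m["body"].replace("'", " ")))
        when = datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S.%f")
        records.append({"type": m["type"], "time": when,
                        "serial": int(m["serial"]), **fields})
    return records

def reboot_report(records):
    """Pair each SYSTEM_BOOT with the SYSTEM_SHUTDOWN logged before it."""
    report, last_shutdown = [], None
    for rec in sorted(records, key=lambda r: r["time"]):
        if rec["type"] == "SYSTEM_SHUTDOWN":
            last_shutdown = rec
        elif rec["type"] == "SYSTEM_BOOT":
            clean = last_shutdown is not None
            gap = (rec["time"] - last_shutdown["time"]).total_seconds() if clean else None
            report.append({"boot": rec["time"], "clean": clean, "downtime_s": gap})
            last_shutdown = None  # a shutdown pairs with one boot only
    return report

if __name__ == "__main__":
    for row in reboot_report(parse_records(SAMPLE)):
        print(row)
```

A boot reported with clean set to False means either a crash or power loss, or that the matching shutdown record lies outside the searched window.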

 

[ © 2008-2021 myfaqbase.com - A property of WPDC Consulting ]