Auditd-Logstash-filter

This Logstash filter extracts structured fields from auditd logs so they can be used to detect suspicious activity on a Linux system. With the fields extracted, Elasticsearch queries are straightforward to write and the log data is easier to visualize. The filter extracts information such as:

  1. Arguments of executed commands
  2. Process information
  3. The current working directory of the user
  4. File access information
  5. User login attempts (successful or failed)
  6. Setuid and setgid information
  7. System call failure and success
  8. and much more
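To show what the extraction described above amounts to, here is an added example, written for this page and not part of the repository's Logstash filter, that parses a few constructed auditd lines in plain Python. It joins the SYSCALL, EXECVE, CWD and PATH records of one event by their audit serial number, rebuilds the command line from the a0..aN arguments (including auditd's hex encoding of arguments that contain whitespace or special characters), reads the working directory, the accessed files, the setuid/setgid bits of the executed binary, the syscall result, and the outcome of a USER_LOGIN record. The sample log and all field choices are constructed for illustration.

```python
import json
import re
from collections import defaultdict

# Constructed sample auditd lines (not taken from the repository or any real host):
# one execve event spread over SYSCALL/EXECVE/CWD/PATH records, plus one failed SSH login.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1609459200.123:456): arch=c000003e syscall=59 success=yes exit=0 a0=55d1 a1=55d2 a2=55d3 a3=7ffd items=2 ppid=1234 pid=1235 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="cat" exe="/usr/bin/cat" key="exec"
type=EXECVE msg=audit(1609459200.123:456): argc=3 a0="cat" a1=2D6E a2="/etc/shadow"
type=CWD msg=audit(1609459200.123:456): cwd="/home/alice"
type=PATH msg=audit(1609459200.123:456): item=0 name="/usr/bin/cat" inode=1001 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=PATH msg=audit(1609459200.123:456): item=1 name="/etc/shadow" inode=2002 dev=08:01 mode=0100640 ouid=0 ogid=42 rdev=00:00 nametype=NORMAL
type=USER_LOGIN msg=audit(1609459300.001:457): pid=2000 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="bob" exe="/usr/sbin/sshd" hostname=? addr=192.0.2.10 terminal=ssh res=failed'
"""

HEADER_RE = re.compile(r'^type=(?P<type>\w+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$')
KV_RE = re.compile(r'''(\w+)=("[^"]*"|'[^']*'|\S+)''')   # key=value, value may be "..." or '...'
ARG_RE = re.compile(r'a\d+')                              # EXECVE argument fields a0, a1, ...
HEX_RE = re.compile(r'(?:[0-9A-Fa-f]{2})+')
UNSET_ID = 4294967295                                     # auditd writes -1 (unset auid/ses) as this


def parse_fields(body, hex_args=False):
    """Parse the key=value part of one record into a dict.

    A nested msg='...' block (USER_LOGIN and friends) is flattened into the same dict.
    In EXECVE records auditd hex-encodes an argument, without quotes, when it contains
    whitespace, quotes or control characters; quoted arguments are already plain text."""
    fields = {}
    for key, raw in KV_RE.findall(body):
        quoted = raw[:1] in ('"', "'")
        val = raw[1:-1] if quoted else raw
        if key == 'msg' and raw.startswith("'"):
            fields.update(parse_fields(val))
        elif hex_args and not quoted and ARG_RE.fullmatch(key) and HEX_RE.fullmatch(raw):
            fields[key] = bytes.fromhex(raw).decode('utf-8', 'replace')
        else:
            fields[key] = val
    return fields


def to_id(value):
    """uid/auid as int, None when missing or the 'unset' sentinel."""
    if value is None or int(value) == UNSET_ID:
        return None
    return int(value)


def summarize(serial, ev):
    """Collapse the records of one audit event into a flat, query-friendly document."""
    recs = ev['records']
    out = {'serial': serial, 'timestamp': ev['timestamp']}
    if 'SYSCALL' in recs:
        sc = recs['SYSCALL'][0]
        out.update({'syscall': sc.get('syscall'), 'success': sc.get('success') == 'yes',
                    'exit': sc.get('exit'), 'exe': sc.get('exe'), 'comm': sc.get('comm'),
                    'pid': sc.get('pid'), 'ppid': sc.get('ppid'), 'tty': sc.get('tty'),
                    'uid': to_id(sc.get('uid')), 'euid': to_id(sc.get('euid')),
                    'auid': to_id(sc.get('auid'))})
    if 'EXECVE' in recs:
        ex = recs['EXECVE'][0]
        arg_keys = sorted((k for k in ex if ARG_RE.fullmatch(k)), key=lambda k: int(k[1:]))
        out['argv'] = [ex[k] for k in arg_keys]
        out['command'] = ' '.join(out['argv'])
    if 'CWD' in recs:
        out['cwd'] = recs['CWD'][0].get('cwd')
    paths = sorted(recs.get('PATH', []), key=lambda p: int(p.get('item', '0')))
    if paths:
        out['files'] = [p.get('name') for p in paths]
        if 'mode' in paths[0]:                # item 0 of an execve is the binary itself
            mode = int(paths[0]['mode'], 8)
            out['setuid'] = bool(mode & 0o4000)
            out['setgid'] = bool(mode & 0o2000)
    if 'USER_LOGIN' in recs:
        lg = recs['USER_LOGIN'][0]
        out.update({'login_account': lg.get('acct'), 'login_addr': lg.get('addr'),
                    'login_terminal': lg.get('terminal'), 'login_success': lg.get('res') == 'success',
                    'auid': to_id(lg.get('auid'))})
    return out


def parse_auditd(text):
    """Group raw auditd lines by serial number and return one summary per event."""
    events = defaultdict(lambda: {'timestamp': None, 'records': defaultdict(list)})
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if not m:
            continue                           # skip anything that is not an audit record
        ev = events[int(m['serial'])]
        ev['timestamp'] = float(m['ts'])
        ev['records'][m['type']].append(parse_fields(m['body'], hex_args=(m['type'] == 'EXECVE')))
    return [summarize(serial, ev) for serial, ev in sorted(events.items())]


if __name__ == '__main__':
    for event in parse_auditd(SAMPLE_LOG):
        print(json.dumps(event, indent=2))
```

Each printed document corresponds to what a Logstash pipeline would hand to Elasticsearch for one audit event; the hex decoding and the auid sentinel handling are the two details that most often produce misleading fields when they are skipped.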

About

This Logstash auditd filter provides structured logs on the ELK server for monitoring suspicious commands executed on a Linux system.
