Tip of the Trade: mkbar and mkgraph
Digg
DZone
Reddit
Slashdot
StumbleUpon
del.icio.us
Facebook
FriendFeed
Furl
Red Hat Enterprise Linux and its extended family, Fedora, CentOS, and the rest of the gang, include a fairly new kernel logging subsystem called auditd. auditd has three components: auditctl, ausearch and aureport. auditctl is the auditing daemon, ausearch is a search tool, and aureport is for formatting the data into nice neat columns.
auditd works for any LSM (Linux security module)-based subsystems, such as SELinux. It can record virtually all kernel activity, such as logins, executables, users, file access, syscalls, and any event types from applications that have been designed to send them.
Test-based tools are okay, but graphs are usually better when you need to analyze large globs of logging data. This is a sample of the raw data from /var/log/audit/audit.log:
type=CONFIG_CHANGE msg=audit(1202382129.956:8): audit_backlog_limit=320 old=64 by |
21. 02/07/2008 03:05:50 carla :0 ? /usr/sbin/gdm-binary 29 22. 02/07/2008 03:05:50 carla :0 localhost.localdomain /usr/sbin/gdm-binary 30 23. 02/07/2008 03:10:52 carla ? ? /usr/sbin/userhelper 31 24. 02/07/2008 03:10:52 carla ? ? /usr/sbin/userhelper 32 |
Solid state disks (SSDs) made a splash in consumer technology, and now the technology has its eyes on the enterprise storage market. Download this eBook to see what SSDs can do for your infrastructure and review the pros and cons of this potentially game-changing storage technology.
