Auditd.conf articles

Tuning auditd: high-performance Linux Auditing

accounting
auditctl
auditd
auditd.conf
performance
system performance
system tuning

Last change: 2025-03-16

To achieve better performance with a auditd configuration, it needs to be tuned. See performance boosters like events exclusion, rule ordering, and more.

Commands:

auditctl
aureport

Linux Audit Framework 101 – Basic Rules for Configuration

audit
auditctl
auditd
auditd.conf
ausearch

Last change: 2025-03-12

The Linux audit framework is a very powerful tool to monitor files, directories, and system calls. Learn how to configure it.

Linux audit: Log files in /var/log/audit

audit
auditd
auditd.conf
rsyslog

Last change: 2025-03-12

This article describes the purpose of the audit.log file in /var/log/audit and the relationship with the Linux audit framework.

Commands:

ausearch
aureport