Linux OS

OverviewResources

Once syslogs are received in to EventTracker, alerts and reports can be configured into EventTracker.

The following Knowledge Packs are available in EventTracker to support Linux monitoring:

Operations

Alerts

Linux-System shutdown: This alert is generated when a Linux system is shutdown.

Reports

Linux-User connection closed: This report provides connection related information.
Linux-System shutdown:This report provides information related to system shutdown done by different hosts.

Security

Alerts

Linux-SU Session Failed: This alert is generated when the SU session fails.

Reports

Linux-User authentication failed: This report provides information about the authentication failures by users.
Linux-User authentication success: This report provides information about the successful authentication by users.
Linux-SU session failed: This report provides information related to the failed super user session.
Linux-Sudo command executed: This report provides information about the commands executed using super user privileges.

Compliance

Reports

Linux-Account operation: This report provides information about additions, deletions or modifications of account in a Linux server, and includes username, group name, user ID (UID), group ID (GID), user home directory and shell file, and changes that have happened in accounts.
Linux-User logon failed: This report provides information about the logon failures by users.
Linux-User logon success: This report provides information about the successful logins by users.

Scope

The configurations detailed are consistent with EventTracker Enterprise version 7.X and later, and Linux Redhat 6, CentOS 6.x, Ubuntu 12.04 and later.

Documentation:

For more information please refer the Integration guide

Solutions

Capabilities

Industries

Knowledge Center

Support

Linux OS

Overview

Scope

Documentation: