Using ausearch and aureport to read logs
In the previous section, we saw how the auditd tool can be used to define rules and keep watch on particular files and directories.
To retrieve data from the auditd log files, we can use the ausearch tool, and by using aureport, we can generate reports based on these logs.
ausearch is a command-line tool that is used to search the log files of the auditd daemon on the basis of events and other search criteria. Similarly, aureport is also a command-line tool that helps in creating useful summary reports from the log files of the auditd daemon.
Getting ready
When we install the auditd daemon, it will also install the ausearch and aureport tools along with it, so no extra installation is needed to use these tools.
How to do it...
In this section, we will see how to use the ausearch and aureport tools to read the log files of the auditd daemon and create reports from them:
- The default location to find the logs of auditd is /var/log/audit/audit.log. If we view...