Linux - Enterprise: This forum is for all items relating to using Linux in the Enterprise.
If you want to get a little more advanced I suggest looking into AIDE, since it will let you know when just about anything changes on your server, including config files, new users, etc. I don't know how well it scales, since we're using it but haven't integrated it into our logging server, since we're working on moving away from Splunk to the ELK stack.
Last edited by ihaveavirus; 08-08-2016 at 09:49 AM.
Right now I have all of my RHEL servers using rsyslog reporting back to this logging server. I will have to research how to set up logging for what you recommend, or maybe rsyslog can be set up for this.
Splunk and Elasticsearch were recommended by others to review the logs.
You can definitely increase the output from rsyslog and fine-tune it to get specific messages. Also, when you start getting into logging, remember that space will be utilized very quickly, so it's not a good idea to just "fire and forget". Logging servers require continuous maintenance and fine-tuning to get the results you need for any given requirements.
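A worked illustration of the rsyslog tuning described above (added here; it is not code from the thread or from the rsyslog project): the client-side rule forwards only authentication and sudo events to the central collector, with a disk-assisted queue so nothing is lost while the collector is down, the server files each host's messages separately, and a logrotate stanza keeps the disk usage bounded. The collector name logserver.example.com, the port, and the file paths are assumptions.

```conf
# --- Client side: /etc/rsyslog.d/10-forward.conf on each RHEL host (assumed path) ---
# Forward only the events worth auditing rather than everything the host emits:
# the authpriv facility carries sshd/PAM login records; sudo logs privilege use.
# The queue is held in memory and spilled to disk (queue.filename) when the
# collector is unreachable; resumeRetryCount=-1 retries forever instead of dropping.
if ($syslogfacility-text == "authpriv" or $programname == "sudo") then {
    action(type="omfwd"
           target="logserver.example.com"
           port="514"
           protocol="tcp"
           queue.type="LinkedList"
           queue.filename="fwd_authq"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
}

# --- Server side: /etc/rsyslog.d/10-remote.conf on the collector (assumed path) ---
# Accept TCP syslog and hand every remote message to its own ruleset, so it is
# never mixed into the collector's local /var/log/messages.
module(load="imtcp")
input(type="imtcp" port="514" ruleset="remote")

# One file per sending host and program, e.g. /var/log/remote/web01/sshd.log
template(name="PerHostProg" type="string"
         string="/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log")

ruleset(name="remote") {
    action(type="omfile" dynaFile="PerHostProg")
}

# --- Retention: /etc/logrotate.d/remote on the collector (assumed path) ---
# Daily rotation with 30 compressed copies caps growth; the HUP makes rsyslog
# reopen the files it keeps open, so it does not keep writing to the rotated copy.
/var/log/remote/*/*.log {
    daily
    rotate 30
    compress
    missingok
    notifempty
    sharedscripts
    postrotate
        /usr/bin/systemctl kill -s HUP rsyslog.service
    endscript
}
```

Check the rules before reloading with `rsyslogd -N1`, which parses the configuration without starting the daemon.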
AIDE is something I want to look into as well. However, we have Varonis installed, so I'm wondering if I will need both?
The reason I ask is because of the external audits that we have from time to time. I want to set something up in advance, that way when the day comes, I can show the auditors that yes I am auditing various events on the servers.
Ooo... Varonis looks like a neat utility and is definitely more advanced than AIDE. AIDE monitors for integrity, but it doesn't actively notify you or prevent any data loss or data exfiltration; you have to manually review the data.