Linux Auditing and Reporting

Linux systems are popular in many organizations, and auditing the syslogs of the Linux systems can provide important information on the events in your network. This information will help you decide on various administrative and security actions. Auditing Linux systems involves:

  • Monitoring all Linux system logons and logoffs.
  • Tracking all changes to user accounts and groups.
  • Staying aware of all instances when a removable device is plugged into or taken out of your network.
  • Tracking all sudo command executions.
  • Monitoring Linux mail and FTP servers for actions performed, errors, and more.
  • Learning of any potential security threats so you can preempt them.
  • Identifying all events occurring at each severity level, including critical events.
  • Tracking several other events such as session connections, NFS mounts, and more.

Auditing Linux systems gives you complete control over the security and management of your network. But it is not that simple to do by hand. You can instead use EventLog Analyzer, a comprehensive syslog management solution, to maintain a secure Linux system.

Auditing Linux Systems with EventLog Analyzer

  • Complete Linux log management and auditing.
  • Monitor Linux processes, user activity, mail servers, and more.
  • Over 100 predefined reports exclusively for Linux systems, including server errors, server usage, and security reports.
  • Customize, schedule, and export reports as needed and even define custom reports.
  • Reports are provided in graph, list, and table formats, and you can easily pull up the plain-text log information from any report entry.
  • Receive instant email or SMS notifications for all events you want to track in real time.
  • The correlation feature provides a host of customizable rules to alert you when specific events occur in sequence.
  • The logs are securely archived and easily searchable with the product's flexible log forensics feature.

Linux Logon and Logoff Reports

  • Track all logons and logoffs, including individual methods for logging on such as SU, SSH, and FTP logons.
  • Overview and top N reports summarize information and present the users and devices with the most frequent logons.

Available Reports

User logons | SU logons | SSH logons | FTP or SFTP logons | Logon overview | Top logons based on user | Top logons based on device | Top logons based on remote device | Top Linux logon method | Logon trend | User logoffs | SU logoffs | SSH logoffs | FTP or SFTP logoffs | Logoff overview

Linux Failed Logon Reports

  • View a list of all failed logons.
  • Top N reports reveal the users whose logon attempts fail most frequently.
  • Identify users with multiple consecutive authentication failures.
  • Identify remote devices generating the highest number of failed logon attempts.

Available Reports

User failed logons | SU failed logons | SSH failed logons | FTP or SFTP failed logons | Failed logons overview | Top failed logons based on user | Top failed logons based on device | Top failed logons based on remote device | Top failed logon methods | Failed logon trends | Repeated authentication failures | Invalid user logon attempts | Unsuccessful logon failures with long password | Repeated logon failure based on remote device | Repeated authentication failures based on remote device
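As an added illustration of the failed-logon, top-N and repeated-authentication-failure reports described above (this is not code from the page or from the product), the following Python parses a few constructed sshd syslog lines and produces the per-user, per-remote-device and consecutive-failure views; the log lines, host names and addresses are made up.

```python
import re
from collections import Counter, defaultdict

# Constructed sample auth log lines (not real data); the format follows the
# usual OpenSSH sshd syslog messages for accepted and failed logons.
SAMPLE_LOG = """\
Mar  3 10:01:02 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51112 ssh2
Mar  3 10:01:05 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51112 ssh2
Mar  3 10:01:09 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 51120 ssh2
Mar  3 10:02:11 web1 sshd[2110]: Accepted publickey for alice from 198.51.100.4 port 40022 ssh2
Mar  3 10:03:30 web1 sshd[2120]: Failed password for bob from 198.51.100.9 port 40100 ssh2
Mar  3 10:03:33 web1 sshd[2120]: Failed password for bob from 198.51.100.9 port 40100 ssh2
Mar  3 10:03:36 web1 sshd[2120]: Failed password for bob from 198.51.100.9 port 40100 ssh2
Mar  3 10:04:00 web1 sshd[2125]: Accepted password for bob from 198.51.100.9 port 40105 ssh2
"""

EVENT_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) (?:password|publickey) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<host>\S+) port \d+"
)

def parse_ssh_logons(text):
    """Return (user, remote_host, failed, invalid_user) per sshd auth line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            events.append((m["user"], m["host"], m["outcome"] == "Failed", m["invalid"] is not None))
    return events

def top_failed(events, key="user", n=3):
    """Top-N failed logons by 'user' or by remote 'host'."""
    idx = 0 if key == "user" else 1
    return Counter(e[idx] for e in events if e[2]).most_common(n)

def invalid_user_attempts(events):
    """Failed logons that named an account which does not exist on the system."""
    return [(user, host) for user, host, failed, invalid in events if failed and invalid]

def repeated_failures(events, threshold=3):
    """Users whose run of consecutive failed logons reaches the threshold before any success."""
    streak = defaultdict(int)
    flagged = set()
    for user, _, failed, _ in events:
        streak[user] = streak[user] + 1 if failed else 0  # a success resets the run
        if streak[user] >= threshold:
            flagged.add(user)
    return sorted(flagged)

if __name__ == "__main__":
    ev = parse_ssh_logons(SAMPLE_LOG)
    print("top failed by user:", top_failed(ev, "user"))
    print("top failed by remote device:", top_failed(ev, "host"))
    print("invalid-user attempts:", invalid_user_attempts(ev))
    print("repeated failures (>=3):", repeated_failures(ev))
```

The same counters apply unchanged to SU or FTP failures once a matching regular expression is supplied for those daemons' messages.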

Linux User Account Management

  • Discover all user accounts and groups that have been added, removed, or renamed.
  • Identify failed password changes and newly added users.
  • Learn the user account management tasks that occur most frequently.

Available Reports

Added user accounts | Deleted user accounts | Renamed user accounts | Groups added | Groups deleted | Groups renamed | Password changes | Failed password changes | Failed user additions | Top Linux account management events

Linux Removable Disk Auditing

  • Audit the use of removable devices on your Linux systems.
  • Learn the details of each time a removable device is plugged into or taken out of the network.

Available Reports

USB plugged in | USB taken out

Sudo Commands

  • View details of all successful and failed sudo command executions.
  • Identify the most frequently attempted sudo commands.

Available Reports

SUDO command executions | Failed SUDO command executions | Top SUDO command executions | Top failed SUDO command executions

Linux Mail Server Reports

  • Obtain an overview of the email server usage pattern and view the trends associated with emails sent and received.
  • Identify the users and remote devices sending and receiving the most email.
  • Discover the domains that send, receive, or reject the most email.
  • Track errors such as mailbox unavailable, insufficient storage, bad sequence of commands, and more.
  • Discover the errors that occur most frequently.

Available Reports

Emails sent overview | Emails received overview | Top emails sent based on sender | Top emails sent based on remote device | Top emails received from remote devices | Top sender domain | Top recipient domain | Trend report on emails sent | Trend report on emails received | Top emails rejected based on sender | Top receivers who rejected emails | Top email rejection errors | Top rejected domains | Emails rejected overview | Mailbox unavailable | Insufficient storage | Bad sequence of commands | Bad email address | Nonexistent email address on remote side | Top email errors | Top email errors based on sender | Failed email deliveries

Linux Errors and Threats

  • Discover potential security concerns so you can proactively prevent them.
  • Identify errors that need to be corrected.

Available Reports

Reverse lookup errors | Bad deviceConfig errors | Bad ISP errors | Invalid connection remote device | Denial of service attack

Linux NFS Events

  • Obtain details for all successful and denied NFS mounts.
  • Identify the users and remote devices with the highest number of denied NFS mounts.

Available Reports

Successful NFS mounts | Refused NFS mounts | Denied NFS mounts based on users | Top successful NFS mounts based on remote device | Top refused NFS mounts based on remote device

Other Linux Events

  • Obtain details on all cron jobs.
  • Identify services that have been deactivated.
  • View details of sessions that have been connected and disconnected.
  • Stay aware of any timeouts during the logging process.
  • Track mismatched errors in device names or addresses.

Available Reports

Cron Jobs | Cron Edit | Cron Job Started | Cron Job Terminated | Connection aborted by a software | Receive identification string | Session connected | Session disconnected | Deactivated services | Unsupported protocol version | Timeout while logging | Failed updates | deviceName mismatch error | deviceAddress mismatch error

Linux FTP Server Reports

  • Obtain details for all file downloads and uploads.
  • View details for timeouts that occur during logon, data transfer, idle sessions, and connections.
  • Identify users and remote devices who perform the highest number of FTP operations.

Available Reports

File downloads | File uploads | Data transfer stall timeouts | Logon timeouts | Session idle timeouts | No transfer timeouts | Connection timeouts | FTP reports overview | Top FTP operations based on user | Top FTP operations based on remote device

Linux System Events

  • Track important system events such as the stopping and restarting of syslog service, low disk space, and executions of the yum command.

Available Reports

Syslog service stopped | Syslog service restarted | Low disk space | System shutdown | Yum installs | Yum updates | Yum uninstalls

Linux Severity Reports

  • View events logged at each severity level, from emergency to debug.

Available Reports

Emergency events | Alert events | Critical events | Error events | Warning events | Notice events | Information events | Debug events

Linux Critical Reports

  • View critical events based on the event type, the device, or the remote device responsible for generating them.
  • A trend report is provided to uncover patterns in the occurrence of critical events.

Available Reports

Criticality level of events | Critical reports based on event | Critical events based on device | Critical events based on remote device | Critical event trends | Critical events overview

Customer Speaks
  • Credit Union of Denver has been using EventLog Analyzer for more than four years for our internal user activity monitoring. EventLog Analyzer provides great value as a network forensic tool and for regulatory due diligence. This product can rapidly be scaled to meet our dynamic business needs.
     
    Benjamin Shumaker
    Vice President of IT / ISO
    Credit Union of Denver
  • The best thing I like about the application is the well-structured GUI and the automated reports. This is a great help for network engineers to monitor all the devices in a single dashboard. The canned reports are a clever piece of work.
     
    Joseph Graziano, MCSE CCA VCP
    Senior Network Engineer
    Citadel
  • EventLog Analyzer has been a good event log reporting and alerting solution for our information technology needs. It minimizes the amount of time we spent on filtering through event logs and provides almost near real-time notification of administratively defined alerts.
     
    Joseph E. Veretto
    Operations Review Specialist
    Office of Information System
    Florida Department of Transportation
  • I love the alerts feature of the product. We are able to send immediate alerts based on pretty much anything we can think of. We send alerts when certain accounts login, or when groups are changed, etc. That has been very helpful. Also the automatic archive of the log files has been very helpful and has taken the worry out of keeping old logs. The “Ask Me” function is very nice as well. It is great to have some natural language queries built in where you can just click a button and get an answer.
     
    Jim Earnshaw
    Senior Computer Specialist
    Department of Chemistry
    University of Washington
  • Windows Event logs and device Syslogs are a real time synopsis of what is happening on a computer or network. EventLog Analyzer is an economical, functional and easy-to-utilize tool that allows me to know what is going on in the network by pushing alerts and reports, both in real time and scheduled. It is a premium software Intrusion Detection System application.
     
    Jim Lloyd
    Information Systems Manager
    First Mountain Bank
