Support for Linux file auditing?

qle

I've found this SolarWinds knowledge base article about configuring Windows for file auditing. In the end, this populates security event log which is captured by LEM.

Unfortunately, I couldn't a similar KB article for Linux. I'm wondering if there's a similar setup for Linux that is supported by LEM. If so, any guidance with regard to setting this up would be appreciated. Also, which connector would be configured in LEM to capture this?

FormerMember

I know some of our customers use Tripwire Enterprise across platforms, but it's a non-free solution.

We do have customers on linux using Linux audit (auditd) to accomplish general system auditing. That's probably your best bet as a place to start, but we don't have any documentation on setting it up in house. Here's a pretty good overview: Linux Super-Duper Admin Tools: audit

PS: We do have a connector for this one, so when you get it set up, you just need to configure the connector on the agent to monitor the right log file (usually somewhere in /var/log, sometimes even /var/log/audit.log).