Posted in: Red Hat Enterprise Linux
We are currently using a SIEM to monitor the user activities that are being done by our SAP third-party companies due to security concerns, which means we wish to send through rsyslog any command they perform and, obviously, any authentication successes or failures.
So far, we are receiving the required data; however, we would like to go a step further by viewing logs when a locked user is being used or even if a user has been locked or unlocked. Is this information available in the audit files if we modify the logging level?
Any help would be greatly appreciated.