Viewing in the Logs when a user has been Locked

Comments

Hi,

we are currently using a SIEM to monitor the user activities that are being done by our SAP third party companies due to security concerns which means we wish to send in the rsyslog any command they performing and obviously any authentication success or failures.

So far, we are receiving the required data however we would like to go a step further by viewing logs when a locked user is being used or even if a user has been locked or unlocked. Is this information available in the audit files if we modify the logging level?

Any help would be greatly appreciated.
Regards,
Alexandre Laquerre

Started 2019-04-25T16:35:47+00:00 by

Alexandre Laquerre

Newbie 15 points

Responses

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)

Select Your Language

Viewing in the Logs when a user has been Locked

Responses

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Responses

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links