Question regarding monitoring security via system logs

Solution Verified - Updated -

Issue

  • Internal Security Group would like to know if there are any strings for which they should search in our system logs. Their specific question:
    Is there a list of strings (or regular expressions) that would help identify security-related events that are already being sent to an internal security incident management tool?

Environment

  • Red Hat Enterprise Linux 5 and 6
