You want to receive daily information about possible security issues in your environment, such as brute force attack attempts.
You can achieve this by scheduling gathering and reporting jobs with InTrust.
Take the following steps:
This topic describes the format in which Audit log data is stored. Native tools convert the Audit log to text, and the text entries are then transformed into event records for the repository or audit database. Each event record has a fixed number of fields, which are described in the following table. These fields are always present, even if their values are empty.
Field | Details
---|---
EventID | Event ID
EventType | Success (0x0008) or failure (0x0010)
UserName | The user that generated the event
Description | The body of the event
Insertion String #1 | Process ID (PID)
Insertion String #2 | Parent process ID (PPID)
Insertion String #3 | Audit ID (AID): ID assigned to the initiator account by the audit system and found in all events that this account generates
Insertion String #4 | Real UID (RUID): UID of the user that initially logged into the system
Insertion String #5 | Real GID (RGID): GID of the user that initially logged into the system
Insertion String #6 | Effective UID (EUID): UID of the initiator account at the time of the event; the effective UID may have changed since the user initially logged in
Insertion String #7 | Effective GID (EGID): GID of the initiator account at the time of the event; the effective GID may have changed since the user initially logged in
Insertion String #8 | Number of the TTY device where the event was generated
Insertion String #9 | String description of the event
Insertion String #10 | String description of the real GID (specified by Insertion String #5)
Insertion String #11 | String description of the effective GID (specified by Insertion String #7)
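
The fixed field layout above lends itself to simple triage of exported records. The following is an added example, not InTrust code: it names the insertion strings, counts failure events per user, and lists events where the effective UID differs from the real UID. The dict layout of a record, the short field names, the threshold and all sample values are assumptions made for the example.

```python
from collections import Counter

SUCCESS, FAILURE = 0x0008, 0x0010  # EventType values from the table

# Insertion String number -> short name (the short names are this example's own)
INSERTION = {1: "pid", 2: "ppid", 3: "aid", 4: "ruid", 5: "rgid", 6: "euid",
             7: "egid", 8: "tty", 9: "event_desc", 10: "rgid_desc", 11: "egid_desc"}

def normalize(record):
    """Name the fixed fields; every field is present, possibly as an empty string."""
    strings = list(record.get("InsertionStrings", []))
    strings += [""] * (len(INSERTION) - len(strings))  # pad short input
    out = {"event_id": record.get("EventID", ""),
           "user": record.get("UserName", ""),
           "failed": record.get("EventType") == FAILURE}
    out.update({name: strings[n - 1] for n, name in INSERTION.items()})
    return out

def failures_by_user(records, threshold=3):
    """Users with at least `threshold` failure events (threshold is an assumed value)."""
    counts = Counter(r["user"] for r in map(normalize, records) if r["failed"])
    return {user: n for user, n in counts.items() if n >= threshold}

def identity_changes(records):
    """Events whose effective UID differs from the real (login) UID.
    Records with an empty RUID or EUID are skipped rather than compared."""
    return [r for r in map(normalize, records)
            if r["ruid"] and r["euid"] and r["ruid"] != r["euid"]]

def _rec(event_type, user, ruid, euid, desc):
    # Constructed record: dict layout, EventID and all values are made up for the example.
    return {"EventID": "0", "EventType": event_type, "UserName": user, "Description": desc,
            "InsertionStrings": ["4321", "1", "1001", ruid, "100", euid, "100", "3",
                                 desc, "users", "users"]}

SAMPLE = [
    _rec(FAILURE, "jdoe", "1001", "1001", "login"),
    _rec(FAILURE, "jdoe", "1001", "1001", "login"),
    _rec(FAILURE, "jdoe", "", "", "login"),          # empty UID fields stay empty
    _rec(SUCCESS, "asmith", "1002", "0", "exec"),    # real UID 1002 acting as UID 0
    _rec(FAILURE, "asmith", "1002", "1002", "open"),
]

if __name__ == "__main__":
    print(failures_by_user(SAMPLE))
    print([(r["user"], r["ruid"], r["euid"]) for r in identity_changes(SAMPLE)])
```

Because the real UID stays tied to the original login while the effective UID can change, comparing Insertion String #4 with #6 attributes privileged actions back to the account that logged in.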