Projects / audit daemon

audit daemon

The audit package contains the user-space utilities for creating audit rules, as well as for storing, searching, and generating reports from the audit records generated by the audit subsystem in the Linux 2.6 kernel and higher. It has a real-time plugin interface for event analysis and remote logging of events.

Operating Systems

Recent releases

  •  12 Apr 2014 11:58

    Release Notes: Improved ARM and AARCH64 support, a new checkpoint feature in ausearch, an update of aulast to support recent LOGIN events in recent kernels, plus various cleanups, bugfixes, and documentation improvements.

    •  23 Mar 2012 13:54

      Release Notes: This release updates the syscall table for the 3.3 Linux kernel, fixes a bug in grouping records in the same event when the node name is too long, and adds a new feature to ausearch to interpret some arguments to over 40 common syscalls.

      •  02 Mar 2012 00:31

        Release Notes: This release adds lots of bugfixes in ausearch parsing of event records, improvements to the sample rules, support for virtualization events, a new auvirt utility, and interfield comparison support for the 3.3 and later kernels.

        •  12 Jun 2011 13:25

          Release Notes: The event parsers were reviewed and updated for better event analysis. A few daemon generated events were fixed. Reliability of remote event logging was improved.

          •  21 Apr 2011 01:11

            Release Notes: Many improvements were made to the robustness of remote logging. Some problems related to audispd plugin management were fixed. autrace was fixed for the i386 and s390 platforms.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.