How can I monitor each and every command executed by a user, even at the sudo level? I have configured audit rules and they are appearing in audit.logs, but I want to view each command in a timely manner from the server to Kibana/Wazuh manager.

Sulaiman

1 Answer

Auditd shares complete commands and the users' UIDs too with Wazuh if configured properly. So I just added those columns from the list in Kibana and now the data is appearing fine.

Sulaiman