Linux kernel Audit support
I have enabled the Linux kernel audit support and am able to get the audit.log file properly.
But I need to check for a particular scenario where my Linux machine goes to deep sleep and then wakes up from that state. I need to collect the logs during this transition. Meaning to say - I would like to audit which files/processes is getting audited during this transition (wake up from deep sleep).
Please let me know what else I should do along with enabling the Linux kernel audit support?
|