aureport -l returns no events of interest
Hi All, I am new to the forum, I am hoping someone can shine a light at what is causing aureport -l to not show remote logins.
My project at work is to set up auditd on an instance of AWS which was made purely for auditd configuration and testing. I already have auditd running and logging stuff into /var/log/audit. I am seeing "LOGIN" events go into audit logs but aureport seems to be looking for something else. aureport -au also returns "no events of interest".
I still consider myself entry level with Linux so If there are any information/configuration I am leaving out, please let me know and I'll be happy to post it.
|