06-24-2010, 04:20 PM   #1
Registered: Mar 2010
Distribution: zLinux, RHEL, Ubuntu, SUSE
Posts: 50

Rep: Reputation: 16
RHEL syslog vs audit log

Compare and contrast.

I know the audit log is based on kernel hooks so it can have more information than the syslog; however, are there reasons why one would need the syslog to alert on events that are not in the audit log for system health checking, and potentially forensics in the case of a system being compromised etc., assuming of course the compromiser didn't mod the logs?
06-24-2010, 05:44 PM   #2
Senior Member
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653
Syslog and the audit subsystem have different purposes - syslog is a general logging daemon available for any application or the system to use for any reason. The audit daemon's job is to track specific activities or events to determine who did what and when.

As far as your question goes, they provide different information, so the more available the better.
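To make the contrast in the reply above concrete, here is an added example (not from the thread or either poster) that parses one auditd record and one traditional syslog line and reports which "who did what and when" fields each exposes as structured data. Both sample lines are constructed, and the audit key `passwd_changes`, the host name, the user name and the IDs are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed sample records (not taken from the thread). The audit key
# "passwd_changes", host name, user name and IDs are hypothetical.
AUDIT_LINE = ('type=SYSCALL msg=audit(1277414400.123:456): arch=c000003e '
              'syscall=2 success=yes exit=3 ppid=2191 pid=2680 auid=500 uid=0 '
              'gid=0 euid=0 tty=pts0 ses=1 comm="vi" exe="/bin/vi" '
              'key="passwd_changes"')
SYSLOG_LINE = ('Jun 24 16:20:00 host1 sshd[2150]: Accepted password for '
               'alice from 192.0.2.10 port 51515 ssh2')

AUDIT_RE = re.compile(r'^type=(\S+) msg=audit\((\d+)\.\d+:(\d+)\): (.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
SYSLOG_RE = re.compile(
    r'^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^\[:\s]+)(?:\[(\d+)\])?: (.*)$')
IDENTITY_KEYS = ("auid", "uid", "euid", "exe", "ses")

def parse_audit(line):
    """Split an auditd record into its fixed key=value fields."""
    m = AUDIT_RE.match(line)
    if m is None:
        return None
    rtype, epoch, serial, rest = m.groups()
    rec = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    # The audit stamp is epoch seconds plus an event serial: unambiguous "when".
    rec.update(type=rtype, serial=int(serial),
               when=datetime.fromtimestamp(int(epoch), tz=timezone.utc))
    return rec

def parse_syslog(line):
    """Split a traditional syslog line; the payload stays free text."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    stamp, host, program, pid, message = m.groups()
    # No year or time zone in the stamp, and no uid field: anything about
    # "who" exists only if the application chose to write it in the message.
    return {"stamp": stamp, "host": host, "program": program,
            "pid": pid, "message": message}

def identity_fields(rec):
    """Return the who-did-it fields a record exposes as structured data."""
    return {k: rec[k] for k in IDENTITY_KEYS if k in rec}

if __name__ == "__main__":
    for rec in (parse_audit(AUDIT_LINE), parse_syslog(SYSLOG_LINE)):
        print(rec, "->", identity_fields(rec))
```

In the audit record, `auid` is the login UID, which stays fixed across `su` or `sudo`, so the root-owned `vi` is still attributable to the original login; the syslog line carries the service-level context (the SSH login and its source address) that the syscall record does not.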


