You are viewing docs on Elastic's new documentation system, currently in technical preview. For all other Elastic docs, visit elastic.co/guide.

Auditd

Collect logs from Auditd. Auditd is a user-space component of the Linux Auditing System that records and tracks security-related events for monitoring and analysis purposes.

Available Auditd integrations include:

  • Auditd Logs: Collect logs from Linux audit daemon with Elastic Agent.
  • Auditd Manager: The Auditd Manager Integration receives audit events from the Linux Audit Framework that is a part of the Linux kernel.

On this page