Auditd
Collect logs from Auditd. Auditd is a user-space component of the Linux Auditing System that records and tracks security-related events for monitoring and analysis purposes.
Available Auditd integrations include:
- Auditd Logs: Collect logs from the Linux audit daemon with Elastic Agent.
- Auditd Manager: The Auditd Manager integration receives audit events from the Linux Audit Framework, which is part of the Linux kernel.