Hi Team,
We have requirement where we have to monitor and log any read operations 
performed on a file. 
e.g. /a/b/c/xyz.log
This file is usually copied and downloaded by many users using various 
operations, like, wget, ssh, jsp Download link provided. These commands are 
fired from different hosts.
With the auditd we want to create a rule which auditctl can leverage to log the 
User ID that is reading (and copying) it from a different host may be. I have 
gone through many of the rules but didn't find anything fruitful as such (which 
logs wget, scp commands from remote hosts). May be I am missing on something. 
Since it is a very crucial requirement, appreciate your guidance and directions 
with this.
Let me know in case you require any further information from my end. Many 
thanks in advance.



Thanks and Regards,Varun Gulati
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit

Reply via email to