SIEM, Log Management, Security, Compliance, Server Monitoring and Uptime Monitoring Software

Red Hat Enterprise Linux (RHEL) Audit Log Consolidation

February 5th, 2023

This is part 1 of a 2 part article set in which I will show you how to download, parse and save a Red Hat Enterprise Linux (RHEL) Audit Log File to a Corner Bowl Server Manager 2023 Log Database.

  • In part 2 I will show you how to create a single SIEM report that displays a horizontal bar chart of successful logons on both a RHEL server and a Windows domain and then lists all successful logon entries from both environments for the last 24 hours.

Table of Contents

How to Gain Access to the RHEL Audit Log?

  • First, Server Manager uses an automated SSH shell connection to copy the audit log file to a temporary directory which a non-root account can gain access too.
  • Second, Server Manager uses an SFTP/SSH connection to read the contents of the temporary file, parse the entries then save the parsed entries to the log database.
  • Finally, Server Manager uses another automated SSH shell connection to delete the temporary file.

Ok so let's show you how this is accomplished but first a note about RHEL, Linux and other Unix based flavors.

How to Add a RHEL server?

How to Configure the RHEL Audit Log Consolidation Template?

Putting it All Together?

February 5th, 2023