mirror of
https://github.com/ivuorinen/cheatsheet-tldr.git
synced 2026-01-26 11:33:59 +00:00
40 lines
942 B
Plaintext
40 lines
942 B
Plaintext
---
|
|
syntax: markdown
|
|
tags: [tldr, linux]
|
|
source: https://github.com/tldr-pages/tldr.git
|
|
---
|
|
# ausearch
|
|
|
|
> Query the Linux audit log for events.
|
|
> Part of the `audit` package.
|
|
> See also: `audit2why`, `audit2allow`, `aureport`.
|
|
> More information: <https://manned.org/ausearch>.
|
|
|
|
- Search for all SELinux AVC denial events:
|
|
|
|
`sudo ausearch {{[-m|--message]}} avc`
|
|
|
|
- Search for events related to a specific executable:
|
|
|
|
`sudo ausearch {{[-c|--comm]}} {{httpd}}`
|
|
|
|
- Search for events from a specific user:
|
|
|
|
`sudo ausearch {{[-ui|--uid]}} {{1000}}`
|
|
|
|
- Search for events in the last 10 minutes:
|
|
|
|
`sudo ausearch {{[-ts|--start]}} recent`
|
|
|
|
- Search for failed login attempts:
|
|
|
|
`sudo ausearch {{[-m|--message]}} user_login {{[-sv|--success]}} no`
|
|
|
|
- Search for events related to a specific file:
|
|
|
|
`sudo ausearch {{[-f|--file]}} {{path/to/file}}`
|
|
|
|
- Display results in raw format for further processing:
|
|
|
|
`sudo ausearch {{[-m|--message]}} avc --raw`
|