box.audit
- Juan Tomás Alonso Nieto (Deactivated)
May 08, 2023
1 min read
Loading data...
[ 1 Introduction ] [ 2 Valid tags and data tables ]
Introduction
The tags beginning with box.audit identify events generated by go-audit Linux auditing.Â
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as box.audit. The third level identifies the type of events sent, and the fourth level indicates the event subtype.Â
Technology | Brand | Type | Subtype |
|---|---|---|---|
box | audit |
|
|
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
|---|---|
box.audit.unix.auditd | box.audit.unix.auditd |
box.audit.unix.audispd | box.audit.unix.audispd |