Meeting the Challenge of Log Management for Unix and Linux Systems
UNIX and Linux generate a wide array of audit logs. Modern versions of Linux and UNIX provide a formal audit system that creates a detailed audit trail of security activity across all of the operating system's components. When combined with legacy text-based and syslog-based audit trails, each Linux and UNIX system can provide a wealth of audit data. However, UNIX and Linux audit logs vary greatly in format, content and reliability, even within one flavor of UNIX or one distribution of Linux. In addition, native UNIX and Linux auditing provides only rudimentary log rotation and aggregation capabilities.
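The format gap described above is easiest to see side by side. The following is an added example, not code from the original article: it normalizes one constructed Linux audit-system record and one constructed classic syslog line into a common record shape. The sample lines are constructed for illustration, and the year and UTC timezone applied to the syslog timestamp are assumptions, since that format carries neither.

```python
import re
from datetime import datetime, timezone

# Constructed sample records for illustration; not captured from a real host.
AUDITD_LINE = ("type=USER_LOGIN msg=audit(1700000000.123:456): pid=1234 uid=0 auid=1000 ses=3 "
               "msg='op=login acct=\"alice\" exe=\"/usr/sbin/sshd\" hostname=? addr=192.0.2.10 "
               "terminal=ssh res=success'")
SYSLOG_LINE = "Nov 14 22:13:20 host1 sshd[1234]: Accepted publickey for alice from 192.0.2.10 port 51234 ssh2"

AUDIT_RE = re.compile(r"^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): (?P<body>.*)$")
SYSLOG_RE = re.compile(r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
                       r"(?P<host>\S+) (?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
KV_RE = re.compile(r"(\w+)=('[^']*'|\"[^\"]*\"|\S+)")

def _kv(text):
    """Split audit key=value pairs; quoted values keep only their inner text."""
    return {k: v.strip("'\"") for k, v in KV_RE.findall(text)}

def parse_auditd(line):
    """Audit-system records: typed, serialized, epoch-timestamped key=value pairs."""
    m = AUDIT_RE.match(line)
    if not m:
        return None
    fields = _kv(m.group("body"))
    # The nested msg='...' payload carries its own key=value pairs.
    fields.update(_kv(fields.pop("msg", "")))
    return {"source": "auditd", "ts": float(m.group("ts")), "host": None,
            "event": m.group("type"), "user": fields.get("acct") or fields.get("auid"),
            "addr": fields.get("addr"), "result": fields.get("res")}

def parse_syslog(line, year):
    """Classic syslog lines carry no year and no timezone; both are assumed here."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    when = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    ts = when.replace(tzinfo=timezone.utc).timestamp()
    # Free-text message: the user and peer address must be scraped, not read from fields.
    who = re.search(r"\bfor (?:invalid user )?(\S+) from (\S+)", m["msg"])
    return {"source": "syslog", "ts": ts, "host": m["host"], "event": m["prog"],
            "user": who.group(1) if who else None, "addr": who.group(2) if who else None,
            "result": "success" if m["msg"].startswith("Accepted") else None}

def normalize(line, year=2023):
    """Return one common record shape regardless of which log format produced the line."""
    return parse_auditd(line) or parse_syslog(line, year)

if __name__ == "__main__":
    for rec in (normalize(AUDITD_LINE), normalize(SYSLOG_LINE)):
        print(rec)
```

Both constructed lines describe the same login, yet only the audit record carries a precise timestamp and structured result field; the syslog line's host name and free-text message have to be recovered by pattern matching.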