How can I log changes made to a particular file using syslog-ng? The log must contain the timestamp, hostname, the user who modified the file and the action performed. Is there any option other than audit in Linux, as audit generates more data in the log? Can the same be done in Windows, as whenever a user modifies the file it must be logged in the event log or any log file?

Arun
  • what file? text file? is it under version control? be specific. – sivann May 20 '15 at 07:20
  • Any file, for example configuration files. If any user changes the mode or edits the configuration, then it must be logged – Arun May 20 '15 at 07:43
  • auditd is the way to go since it has kernel bindings. Anything else, like a periodic scan, is unreliable because it will miss all changes between runs. You can configure audit parameters with auditctl. See also http://serverfault.com/questions/202044/sending-audit-logs-to-syslog-server for auditd-syslog integration. – sivann May 20 '15 at 08:40
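
An added example, not part of the original thread: one way to keep auditd output small is to watch only the file of interest under a key, then collapse each multi-record audit event into a single line with timestamp, host, user and action. The watch path, the key `cfg-watch`, the host name `web01` and the sample records are constructed; the `node=` prefix is assumed to be enabled through `name_format = hostname` in auditd.conf, and the syscall numbers are the x86_64 ones.

```python
import re
from datetime import datetime, timezone

# Rule assumed to be loaded (auditctl syntax; path and key are placeholders):
#   auditctl -w /etc/ssh/sshd_config -p wa -k cfg-watch
# "-p wa" limits the watch to writes and attribute changes, which keeps volume low.
WATCH_KEY = "cfg-watch"

# x86_64 syscall numbers that appear in the constructed sample below.
SYSCALLS = {"2": "open", "90": "chmod", "257": "openat"}

HEADER = re.compile(r"msg=audit\((\d+)\.\d+:(\d+)\):")  # epoch seconds, event serial
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample records (not taken from a real host).
SAMPLE = """\
node=web01 type=SYSCALL msg=audit(1432111200.123:456): arch=c000003e syscall=257 success=yes exit=3 auid=1000 uid=0 comm="vim" exe="/usr/bin/vim" key="cfg-watch"
node=web01 type=PATH msg=audit(1432111200.123:456): item=0 name="/etc/ssh/sshd_config" nametype=NORMAL
node=web01 type=SYSCALL msg=audit(1432111260.500:457): arch=c000003e syscall=90 success=yes exit=0 auid=1000 uid=0 comm="chmod" exe="/usr/bin/chmod" key="cfg-watch"
node=web01 type=PATH msg=audit(1432111260.500:457): item=0 name="/etc/ssh/sshd_config" nametype=NORMAL
node=web01 type=SYSCALL msg=audit(1432111300.000:458): arch=c000003e syscall=59 success=yes exit=0 auid=1001 uid=1001 comm="ls" exe="/usr/bin/ls" key="exec-log"
"""

def summarize(log_text, key=WATCH_KEY):
    """Group records by event serial and return one line per watched-file event."""
    events = {}
    for line in log_text.splitlines():
        m = HEADER.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        ev = events.setdefault(m.group(2), {"epoch": int(m.group(1))})
        if fields.get("type") == "SYSCALL":
            ev.update(fields)          # carries node, auid, syscall, comm, key
        elif fields.get("type") == "PATH":
            ev.setdefault("path", fields.get("name"))
    out = []
    for ev in events.values():
        if ev.get("key") != key:       # drop events from unrelated audit rules
            continue
        ts = datetime.fromtimestamp(ev["epoch"], timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        action = SYSCALLS.get(ev.get("syscall"), "syscall " + ev.get("syscall", "?"))
        out.append(f'{ts} host={ev.get("node", "-")} auid={ev.get("auid", "-")} '
                   f'action={action} via={ev.get("comm", "-")} file={ev.get("path", "-")}')
    return out

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

`auid` is the login UID, so the line still identifies the person who logged in even when the change was made as root through sudo or su.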

0 Answers