ausearch

From RaySoft

ausearch is a tool that can query the audit daemon logs for events based on different search criteria. The ausearch utility can also take input from stdin as long as the input is the raw log data.[1]

Documentation

Syntax

ausearch [PARAMETER ...]

Parameters

-c NAME, --comm NAME
Search for an event based on the given NAME. The NAME is the executable's name from the task structure.
-r, --raw
Output is completely unformatted. This is useful for extracting records that can still be interpreted by audit tools.
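
The following Python sketch is an added example, not code from this page or from the audit project. It approximates the selection that -c performs on raw records and returns the matching events in raw form, as --raw would. The function names, the exact-match comparison and the sample records are assumptions constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample of raw audit records (not taken from a real system).
SAMPLE = """\
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=yes exit=3 pid=4100 uid=0 comm="cat" exe="/usr/bin/cat"
type=PATH msg=audit(1700000000.101:501): item=0 name="/etc/shadow" inode=131 nametype=NORMAL
type=SYSCALL msg=audit(1700000000.205:502): arch=c000003e syscall=59 success=yes exit=0 pid=4101 uid=1000 comm="sshd" exe="/usr/sbin/sshd"
type=SYSCALL msg=audit(1700000000.310:503): arch=c000003e syscall=59 success=yes exit=0 pid=4102 uid=1000 comm=6D7920746F6F6C exe="/tmp/x"
"""

# Records that belong to one event share the same timestamp:serial pair.
EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+:\d+)\)")
# comm is either quoted or, for names with spaces or special bytes, hex-encoded.
COMM = re.compile(r'\bcomm=(?:"([^"]*)"|([0-9A-Fa-f]+))')

def decode_comm(line):
    """Return the comm value of one raw record, or None if it has none."""
    m = COMM.search(line)
    if not m:
        return None
    if m.group(1) is not None:
        return m.group(1)
    try:
        return bytes.fromhex(m.group(2)).decode("utf-8", "replace")
    except ValueError:  # odd-length value: keep it as written
        return m.group(2)

def search_comm(raw, name):
    """Return the raw lines of every event containing a record with comm == name.

    Assumption: exact string match, and whole events (all records sharing the
    event ID) are returned so the output can be fed to other audit tools.
    """
    events = OrderedDict()
    for line in raw.splitlines():
        m = EVENT_ID.search(line)
        if m:
            events.setdefault(m.group(1), []).append(line)
    hits = []
    for records in events.values():
        if any(decode_comm(r) == name for r in records):
            hits.extend(records)
    return hits

if __name__ == "__main__":
    print("\n".join(search_comm(SAMPLE, "cat")))
```

Because comm comes from the task structure, it is at most 15 characters long and can be changed by the process itself, so compare it with the exe field of the same record when reviewing results.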

References

  1. man 8 'ausearch'