Forum Discussion
bluelogik
May 18, 2020, Copper Contributor
Azure Sentinel integrate with Linux logs
Hello everyone, I would like to see if there is a way to query "Event Log Cleared" on Linux system(s), in particular, what the events look like when/after being cleared? For example, for Windows, it...
Ofer_Shezaf
Jun 11, 2020, Microsoft
bluelogik: logs are stored in files in Linux and I believe the "1102" for Linux would be a file delete event for those files (usually in /var/log). How to monitor file activity events in Linux is a large topic and would depend on your Linux distro. A good starting point is this.
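As an added example (not from this thread or from Microsoft) of what the Linux "log cleared" equivalent looks like: a small Python detector that joins raw auditd SYSCALL and PATH records, assuming an auditd rule keyed `logdel` on unlink/truncate under /var/log as written in the code comment. The audit records are constructed, and the third event shows the logrotate noise such a rule also produces, which is why the finding carries the login session (auid) and the executable.

```python
import re
from collections import defaultdict

# Constructed auditd records (not a real capture). They model what the rule
#   -a always,exit -F arch=b64 -S unlink,unlinkat,truncate,ftruncate -F dir=/var/log -k logdel
# emits when a user deletes auth.log, truncates syslog, and logrotate removes an old archive.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1589798400.101:4401): arch=c000003e syscall=263 success=yes exit=0 ppid=2210 pid=2311 auid=1000 uid=0 comm="rm" exe="/usr/bin/rm" key="logdel"
type=PATH msg=audit(1589798400.101:4401): item=0 name="/var/log/" inode=131073 nametype=PARENT
type=PATH msg=audit(1589798400.101:4401): item=1 name="/var/log/auth.log" inode=131180 nametype=DELETE
type=SYSCALL msg=audit(1589798400.150:4402): arch=c000003e syscall=76 success=yes exit=0 ppid=2210 pid=2315 auid=1000 uid=0 comm="truncate" exe="/usr/bin/truncate" key="logdel"
type=PATH msg=audit(1589798400.150:4402): item=0 name="/var/log/syslog" inode=131181 nametype=NORMAL
type=SYSCALL msg=audit(1589798400.200:4403): arch=c000003e syscall=263 success=yes exit=0 ppid=1 pid=2400 auid=4294967295 uid=0 comm="logrotate" exe="/usr/sbin/logrotate" key="logdel"
type=PATH msg=audit(1589798400.200:4403): item=1 name="/var/log/syslog.7.gz" inode=131199 nametype=DELETE
"""

SYSCALLS = {"87": "unlink", "263": "unlinkat", "76": "truncate", "77": "ftruncate"}  # x86_64 numbers
RECORD_RE = re.compile(r"^type=(\w+) msg=audit\(([\d.]+):(\d+)\): (.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_audit_events(text):
    """Group raw auditd records by their (timestamp, serial) event id."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m:
            rtype, ts, serial, rest = m.groups()
            fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
            fields["_type"] = rtype
            events[(ts, serial)].append(fields)
    return events

def find_log_tampering(text, key="logdel"):
    """One finding per successful SYSCALL record tagged with `key`, joined to its PATH records."""
    findings = []
    for (ts, serial), records in parse_audit_events(text).items():
        sc = next((r for r in records if r["_type"] == "SYSCALL" and r.get("key") == key), None)
        if sc is None or sc.get("success") != "yes":
            continue
        # unlink* reports the victim as nametype=DELETE; truncate names it as NORMAL (PARENT is the directory)
        paths = [r["name"] for r in records if r["_type"] == "PATH" and r.get("nametype") in ("DELETE", "NORMAL")]
        findings.append({
            "time": float(ts), "serial": int(serial), "exe": sc.get("exe"), "uid": sc.get("uid"),
            "action": SYSCALLS.get(sc.get("syscall"), "syscall " + sc.get("syscall", "?")),
            "paths": paths,
            # auid 4294967295 (-1) means no login session (cron, logrotate); a user clearing logs keeps their auid
            "interactive": sc.get("auid") not in (None, "4294967295"),
        })
    return findings
```

Filtering on `interactive` and on `exe` not being the distro's rotation tool is how you separate a cleared log from routine rotation before shipping the events on to Sentinel.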
- bluelogik
Oct 27, 2020, Copper Contributor
Ofer_Shezaf thank you!
- Consultant1520
May 27, 2021, Copper Contributor
bluelogik: Were you able to develop any similar template for Linux?