May 18 2020 09:36 AM
Hello everyone,
I would like to see if there is a way to query "Event Log Cleared" on Linux system(s), in particular, what the events look like when/after being cleared. For example, for Windows, it's EventID 1102, so I am curious to find out if there is something similar for Linux systems.
Thank you!
Jun 10 2020 11:38 PM
@bluelogik: Logs are stored in files in Linux and I believe the "1102" for Linux would be a file delete event for those files (usually in /var/log). How to monitor file activity events in Linux is a large topic and would depend on your Linux distro. A good starting point is this.
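One way to detect the file delete events described in the reply above, as an added example that is not part of the thread. It assumes auditd is the file-activity source, a watch rule on /var/log with the hypothetical key `logclear`, and x86_64 syscall numbers; the sample records are constructed, and truncation through shell redirection (open with O_TRUNC) is out of scope.

```python
import posixpath
import re
from collections import defaultdict

# Constructed sample records in auditd raw log format (not from the thread).
# Assumed watch rule: -w /var/log/ -p wa -k logclear
SAMPLE = '''\
type=SYSCALL msg=audit(1589794560.101:501): arch=c000003e syscall=263 success=yes exit=0 auid=1000 comm="rm" exe="/usr/bin/rm" key="logclear"
type=CWD msg=audit(1589794560.101:501): cwd="/var/log"
type=PATH msg=audit(1589794560.101:501): item=0 name="/var/log" nametype=PARENT
type=PATH msg=audit(1589794560.101:501): item=1 name="auth.log" nametype=DELETE
type=SYSCALL msg=audit(1589794571.440:502): arch=c000003e syscall=76 success=yes exit=0 auid=1000 comm="python3" exe="/usr/bin/python3" key="logclear"
type=CWD msg=audit(1589794571.440:502): cwd="/root"
type=PATH msg=audit(1589794571.440:502): item=0 name="/var/log/wtmp" nametype=NORMAL
type=SYSCALL msg=audit(1589794580.002:503): arch=c000003e syscall=257 success=yes exit=5 auid=4294967295 comm="rsyslogd" exe="/usr/sbin/rsyslogd" key="logclear"
type=PATH msg=audit(1589794580.002:503): item=0 name="/var/log/syslog" nametype=NORMAL
'''

EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
TRUNCATE = "76"  # truncate(2) on x86_64

def find_log_clears(text, log_dir="/var/log"):
    """Return (event id, action, path, auid, exe) for deletes/truncates under log_dir."""
    events = defaultdict(lambda: {"paths": []})
    for line in text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        f = {k: v.strip('"') for k, v in FIELD.findall(line)}
        ev = events[m.group(1)]  # records sharing an id form one event
        if f["type"] == "PATH":
            ev["paths"].append((f.get("name", ""), f.get("nametype")))
        else:
            ev.update(f)  # SYSCALL and CWD fields
    hits = []
    for eid, ev in events.items():
        if ev.get("success") != "yes":
            continue
        for name, nametype in ev["paths"]:
            # PATH names may be relative to the CWD record of the same event
            path = posixpath.normpath(posixpath.join(ev.get("cwd", "/"), name))
            truncated = nametype == "NORMAL" and ev.get("syscall") == TRUNCATE
            if (nametype == "DELETE" or truncated) and path.startswith(log_dir + "/"):
                action = "delete" if nametype == "DELETE" else "truncate"
                hits.append((eid, action, path, ev.get("auid"), ev.get("exe")))
    return hits

if __name__ == "__main__":
    print(*find_log_clears(SAMPLE), sep="\n")
```

Routine log rotation (for example by logrotate) produces the same delete records, so the `exe` and `auid` fields are what separate expected rotation from a manual clear.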
May 27 2021 06:15 AM