XpoLog 7 brings your data into a new age of log analysis and management. While the industry is focused on developing advanced search abilities and simplifying log analysis, nobody has been able to resolve the persistent issues of the long, complex and tedious deployments. Up until today! XpoLog 7 is proud to offer full automation of the entire log management lifecycle!

The Linux Audit framework is a kernel feature (paired with userspace tools) that can log system calls. For example, opening a file, killing a process or creating a network connection. These audit logs can be used to monitor systems for suspicious activity.

If you run the audit daemon on your Linux distribution you might notice that some of the most valuable information produced by auditd is not transmitted when you enable syslog forwarding to Graylog. By default, these messages are written to /var/log/audt/audit.log, which is written to file by the auditd process directly and not sent via syslog.