Clone this wiki locally
The Linux Audit Documentation project is intended to hold documentation and specifications related to the Linux Audit project.
We have a page describing the process for reporting and bugs and requesting features.
All upstream discussion happens on the Linux Audit mailing list.
Documents on using and configuring audit.
Several audit specification documents exist to describe the proper behavior of the Linux Audit system.
Writing Audit Events
Audit System Lifecycle Events
Audit User Account Lifecycle Events
Audit User Login Lifecycle Events
Virtualization Manager Guest Lifecycle Events
Audit Event Parsing Library
Audit State Diagram
Audit Daemon Real Time Event Interface
Audit Event Enrichment
Audit Field Dictionary
Audit Message Ranges
Audit Message Dictionary
Beyond the documents above, the wikis for the kernel audit subsystem and audit userspace have information specific to their respective projects.
The audit presentations are listed on the page below.