audit:Monitor
Monitor system activities
Telemetry Sensor Path(s)
Configurable Properties
| PROPERTY NAME | DATA TYPE | DESCRIPTION | PERMITTED VALUES |
|---|---|---|---|
| all | scalar:Bool |
Monitor all the rules | SELECTION: true or false DEFAULT: false |
| authlogFiles | scalar:Bool |
Monitor authlog files | SELECTION: true or false DEFAULT: false |
| cronFiles | scalar:Bool |
Monitor cron files | SELECTION: true or false DEFAULT: false |
| dnsClientFiles | scalar:Bool |
Monitor dns client files | SELECTION: true or false DEFAULT: false |
| docker | scalar:Bool |
Monitor docker | SELECTION: true or false DEFAULT: false |
| guestShell | scalar:Bool |
Monitor commands executed in guest-shell | SELECTION: true or false DEFAULT: false |
| kernelModuleMgmt | scalar:Bool |
Monitor kernel module management | SELECTION: true or false DEFAULT: false |
| processAudit | scalar:Bool |
Monitor process audit | SELECTION: true or false DEFAULT: false |
| systemLogFiles | scalar:Bool |
Monitor system log files | SELECTION: true or false DEFAULT: false |
| systemLoginReboot | scalar:Bool |
Monitor system login and reboot | SELECTION: true or false DEFAULT: false |
| systemSoftware | scalar:Bool |
Monitor system software | SELECTION: true or false DEFAULT: false |
| systemTimeChange | scalar:Bool |
Monitor system time change | SELECTION: true or false DEFAULT: false |
| userGroupConfigFiles | scalar:Bool |
Monitor user group config files | SELECTION: true or false DEFAULT: false |
| userPrivilegeMgmt | scalar:Bool |
Monitor user privilege mgmt | SELECTION: true or false DEFAULT: false |
Internal Properties
| PROPERTY NAME | DATA TYPE | DESCRIPTION | POSSIBLE VALUES |
|---|---|---|---|
| modTs | mo:TStamp (scalar:Date) |
The time when this object was last modified. | SELECTION: 0 - never DEFAULT: never |
| status | mo:ModificationStatus (scalar:Bitmask32) |
The upgrade status. This property is for internal use only. | SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced |