The Linux Audit Subsystem: Deep Dive

A presentation at IBM SHARE Denver in Denver, CO, USA by Shawn Wells

Why is Linux auditing needed? What can it do for me? How does it work? How do events get audited? How do I make sense of all the data? What is the difference between Linux’s syslog and audit facilities?