Blumira’s modern cloud SIEM platform integrates with Linux auditd to detect cybersecurity threats and provide an automated or actionable response to remediate when a threat is detected.
When configured, the Blumira integration with Auditd will stream audit event logs to the Blumira service for automated threat detection and actionable response.
Required Blumira Module: Logger
This article assumes you have already set up log ingestion for the actual Linux Operating System. If you haven’t set that up yet, head over to the integration documentation and set it up quickly – https://www.blumira.com/integration/linux/
1. Open /etc/audisp/plugins.d/syslog.conf with sudo and your preferred editor and change the option active to yes. The config should look like the following:

   # This file controls the configuration of the syslog plugin.
   active = yes

2. Open /etc/audit/auditd.conf with sudo and your preferred editor and replace log_format = RAW with log_format = ENRICHED. The config should look like the following:

   log_format = ENRICHED
No other options need to be changed in the auditd configuration for log forwarding. The auditd events will now flow into the rsyslogd syslog socket.
At this point the configuration is complete. The logs can also be found in /var/log/messages (or the similar catch-all log file on your OS) under the journal namespace. The Blumira configuration in /etc/rsyslog.d/ that handles Linux log forwarding will automatically forward the auditd logs as well.
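As an added example (not Blumira's own tooling or part of the original article), the script below applies the two settings described above and then verifies they are in place. It assumes the file paths named in the article and a GNU sed (Linux). With CONF_ROOT unset it works on constructed copies of both files carrying the shipped defaults, so it can be exercised safely before touching a real host; set CONF_ROOT=/ and run as root to edit the live files.

```shell
#!/bin/sh
# Added example: apply and verify the auditd -> syslog forwarding settings.
# Paths under $root are the ones the article names; the sample files built
# by make_sample_root are constructed for this example.
set -eu

# set_option FILE KEY VALUE
# Rewrite "KEY = anything" as "KEY = VALUE" (auditd/audisp "key = value"
# style); append the line if the key is not present at all.
set_option() {
    file=$1; key=$2; value=$3
    if grep -Eq "^[[:space:]]*${key}[[:space:]]*=" "$file"; then
        sed -i -E "s|^[[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# get_option FILE KEY -> prints the current value of KEY (last match wins)
get_option() {
    sed -n -E "s|^[[:space:]]*$2[[:space:]]*=[[:space:]]*(.*)$|\1|p" "$1" | tail -n 1
}

# configure_forwarding ROOT
# The two changes from the article, applied under ROOT ("/" for the live box).
configure_forwarding() {
    root=$1
    set_option "$root/etc/audisp/plugins.d/syslog.conf" active yes
    set_option "$root/etc/audit/auditd.conf" log_format ENRICHED
}

# verify_forwarding ROOT -> exit status 0 only if both settings are in place
verify_forwarding() {
    root=$1
    [ "$(get_option "$root/etc/audisp/plugins.d/syslog.conf" active)" = yes ] &&
    [ "$(get_option "$root/etc/audit/auditd.conf" log_format)" = ENRICHED ]
}

# make_sample_root -> prints a temp dir holding constructed copies of both
# files with the defaults a fresh install ships (active = no, log_format = RAW).
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/audisp/plugins.d" "$d/etc/audit"
    cat > "$d/etc/audisp/plugins.d/syslog.conf" <<'EOF'
# This file controls the configuration of the syslog plugin.
active = no
direction = out
path = builtin_syslog
type = builtin
EOF
    cat > "$d/etc/audit/auditd.conf" <<'EOF'
#
# This file controls the configuration of the audit daemon
#
log_file = /var/log/audit/audit.log
log_format = RAW
EOF
    printf '%s\n' "$d"
}

# Stand-alone run: edit the live files if CONF_ROOT is set, otherwise the
# constructed copies, and report the result.
root=${CONF_ROOT:-$(make_sample_root)}
configure_forwarding "$root"
if verify_forwarding "$root"; then
    echo "auditd forwarding settings in place under $root"
else
    echo "auditd forwarding settings NOT in place under $root" >&2
    exit 1
fi
```

The script only edits the configuration; auditd has to be restarted afterwards before it picks the new log_format up and starts handing events to the syslog plugin, and the article does not cover that step. On distributions shipping audit 3.x the plugin file lives under /etc/audit/plugins.d/ rather than /etc/audisp/plugins.d/, so adjust the path in configure_forwarding for those hosts.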