14.8. Logging USBguard authorization events to the Linux Audit log

PDF

Use the following steps to integrate logging of USBguard authorization events to the standard Linux Audit log. By default, the usbguard daemon logs events to the /var/log/usbguard/usbguard-audit.log file.

Conditions préalables

The usbguard service is installed and running.
The auditd service is running.

Procédure

Edit the usbguard-daemon.conf file with a text editor of your choice:
```
# vi /etc/usbguard/usbguard-daemon.conf
```
Change the AuditBackend option from FileAudit to LinuxAudit:
```
AuditBackend=LinuxAudit
```
Restart the usbguard daemon to apply the configuration change:
```
# systemctl restart usbguard
```

Vérification

Query the audit daemon log for a USB authorization event, for example:
```
# ausearch -ts recent -m USER_DEVICE
```

Ressources supplémentaires

usbguard-daemon.conf(5) man page.

14.8. Logging USBguard authorization events to the Linux Audit log

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Rendre l’open source plus inclusif

À propos de Red Hat

Red Hat legal and privacy links

Red Hat legal and privacy links