Why do we need audit logs? Detailed audit logs let an organisation monitor access to data and keep track of potential security breaches or internal misuse of information. They help ensure that users follow documented procedures, and they support both preventing fraud and investigating it after the fact.
What is the audit log in Linux? The Linux Audit framework is a kernel feature, paired with userspace tools such as auditd (the daemon that writes the records), auditctl (which loads the rules) and ausearch (which queries them), that can record system calls and accesses to watched files: for example, opening a file, killing a process or creating a network connection. Only events matching the loaded rules are recorded, so the log stays focused; the resulting records can be used to monitor systems for suspicious activity.
What is the difference between auditing and logging? The difference is more in usage than in technique. Auditing is used to answer the question "Who did what, and when?" and possibly why, so the record must reliably identify the actor. Logging is more focused on what is happening in the system, typically for debugging and operations, and need not attribute each event to a person.
What is the difference between syslog and the audit log? Syslog and the audit subsystem have different purposes. Syslog is a general-purpose logging facility that any application, or the system itself, can use for any reason, and each application decides what its messages contain. The audit daemon's job is to track specific, rule-selected activities or events so that it can be determined who did what and when; to that end every audit record carries the login UID (auid) of the session that triggered it, which survives su and sudo, so an action performed as root can still be attributed to the user who originally logged in.
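The three questions above (what the audit framework records, "who did what?", and how that differs from syslog) come together when you parse actual audit records. The following is an added example, not code from the original page or from the audit project. The log lines are constructed by hand in the format auditd writes to /var/log/audit/audit.log; the rules shown in the docstring are an assumption about what would have produced them. It groups records by serial number, names the syscall (x86_64 numbers), and attributes each action to the login user via auid, flagging actions run as root by a non-root login and handling the "unset" auid of daemon-started processes.

```python
"""Answer "who did what?" from Linux Audit SYSCALL/PATH records.

Assumed (hypothetical) rules that would produce the records below:
  -w /etc/shadow -p wa -k identity
  -a always,exit -F arch=b64 -S kill -k proc_kill
  -a always,exit -F arch=b64 -S connect -k net_connect
"""
import re
from dataclasses import dataclass

# x86_64 syscall numbers for the three event kinds discussed in the text.
SYSCALL_NAMES = {257: "openat", 62: "kill", 42: "connect"}

# auid=4294967295 is (unsigned)-1: the process has no login session,
# typically because it was started by a daemon, not by a logged-in user.
UNSET_UID = 4294967295

# Constructed sample records (hand-written, not from a real host).
# Event 201: alice (auid=1000) reads /etc/shadow via sudo, so uid=0.
# Event 202: alice sends SIGKILL to pid 500 as herself.
# Event 203: a daemon-spawned curl (no auid) fails a connect().
AUDIT_LOG = r'''
type=SYSCALL msg=audit(1700000000.101:201): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffd1 a2=0 a3=0 items=1 ppid=4100 pid=4102 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="cat" exe="/usr/bin/cat" key="identity"
type=PATH msg=audit(1700000000.101:201): item=0 name="/etc/shadow" inode=1234 dev=fd:01 mode=0100640 ouid=0 ogid=42 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1700000000.202:202): arch=c000003e syscall=62 success=yes exit=0 a0=1f4 a1=9 a2=0 a3=0 items=0 ppid=4100 pid=4110 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="kill" exe="/usr/bin/kill" key="proc_kill"
type=SYSCALL msg=audit(1700000000.303:203): arch=c000003e syscall=42 success=no exit=-111 a0=3 a1=7ffd2 a2=10 a3=0 items=0 ppid=1 pid=4120 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="curl" exe="/usr/bin/curl" key="net_connect"
'''

# Audit fields are key=value pairs; values may be double-quoted strings.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
MSG_RE = re.compile(r'audit\((\d+)\.(\d+):(\d+)\)')


def parse_record(line):
    """Split one audit record into a dict, adding ts and serial from msg=."""
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    m = MSG_RE.match(fields.get("msg", ""))
    if m:
        fields["ts"] = float(f"{m.group(1)}.{m.group(2)}")
        fields["serial"] = int(m.group(3))
    return fields


def group_events(log_text):
    """Records sharing a serial number belong to one event (e.g. SYSCALL + PATH)."""
    events = {}
    for line in log_text.strip().splitlines():
        rec = parse_record(line)
        events.setdefault(rec["serial"], []).append(rec)
    return events


@dataclass
class Action:
    actor: str          # login user (auid): the person held accountable
    effective_uid: int  # uid the syscall ran as (0 after sudo/su to root)
    verb: str           # syscall name
    target: str         # file path, signalled pid, or socket fd
    success: bool
    key: str            # the rule key that selected this event


def describe(records):
    """Turn one event's records into an Action."""
    syscall = next(r for r in records if r["type"] == "SYSCALL")
    paths = [r["name"] for r in records if r["type"] == "PATH"]
    auid = int(syscall["auid"])
    actor = "no-login-session" if auid == UNSET_UID else f"auid={auid}"
    verb = SYSCALL_NAMES.get(int(syscall["syscall"]), syscall["syscall"])
    # Syscall arguments a0..a3 are logged in hex.
    if verb == "openat":
        target = paths[0] if paths else "?"
    elif verb == "kill":
        target = f"pid {int(syscall['a0'], 16)} signal {int(syscall['a1'], 16)}"
    elif verb == "connect":
        target = f"fd {int(syscall['a0'], 16)}"
    else:
        target = "?"
    return Action(actor, int(syscall["uid"]), verb, target,
                  syscall["success"] == "yes", syscall["key"])


def who_did_what(log_text):
    """All actions in the log, in serial order."""
    return [describe(recs) for _, recs in sorted(group_events(log_text).items())]


def root_actions_by_login_user(actions):
    """Actions executed as root but attributable to a non-root login (sudo/su)."""
    return [a for a in actions
            if a.effective_uid == 0 and a.actor not in ("auid=0", "no-login-session")]


if __name__ == "__main__":
    for a in who_did_what(AUDIT_LOG):
        print(a)
    print("root actions by ordinary logins:", root_actions_by_login_user(who_did_what(AUDIT_LOG)))
```

The first event is the important one: syslog would typically show a root process reading a file, whereas the audit record's auid still says it was login user 1000 who did it. On a real host, ausearch already joins records by serial and `ausearch -i` translates the numeric fields for you; the parser here exists only to make the attribution logic visible.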