Linux User Activity

Logs in the Linux User Activity dashboard are timestamped in either local system time or, if that was selected in the agent, UTC. When reviewing activity, factor in the time difference for your timezone. Some parts of the dashboard only show data for the last 4 hours, as cloud logs can generate a massive volume of events. If a longer search window is needed, it's best to use the event search feature to search for logs over a longer time period.

Selecting a chart component, such as a pie segment or graph item, links through to the Text Details tabular output, where you can search and perform additional filtering of the selected data and time period.

The dashboard contains the following widgets.

  • Log Activity - This shows the login and logout activity for today.

  • Login-Logouts Activity - This shows the number of logins for the auth, start, and logout events.

  • Login-Logouts by RUID - This shows the Real User ID (RUID) associated with the actual login.

  • Process Activity - This shows the path of the process and commands being run on the systems.

  • Log Activity by System - This shows the general login activity associated with each system.

  • Login-Logouts by EUID User - This shows the effective user ID (EUID), which is relevant when someone uses su or sudo type commands to impersonate another user.

  • Process Activity by EUID User - This shows the process commands associated with each effective user.

  • Logs by EventID - This shows a summary view of each Linux EventID on the systems.

  • Logs by EUID Group - This shows the log activity from when the effective group permission is used to run a Linux command.

  • Text Details - This is the drill-through of the selected items in the widgets.
