Linux File Activity

The Linux File Activity logs are recorded in either local system time or UTC, depending on which was selected in the agent, so any investigation needs to account for the offset between that time base and your own timezone. Some parts of the dashboard only show data for the last 4 hours, because cloud logs can generate a very large volume of events. If a longer window is needed, it is best to use the event search feature to query logs over the longer time period.

Selecting a chart component, such as a pie segment or a graph item, links through to the Text Details tabular output, where you can search and apply additional filtering to the selected data and time period.

The dashboard contains the following widgets.

  • File Activity - the overall rate of file activity on the Linux systems for today.

  • File Activity by Process - the source program that performed the file operations, e.g. vi, touch, etc.

  • File Activity by Target - the actual files whose access or change generated the file events.

  • File Activity by System - the specific systems that are generating the events.

  • File Activity by RUID - the real user ID that performed the activity.

  • File Activity by EUID - the effective user ID that performed the change. This matches the user ID in the password file on the host.

  • Text Details - the drill-down into the actual raw event.
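As an added illustration (not part of this documentation or of the product's agent), the following Python script shows how the widget dimensions above map onto individual events. It parses constructed key=value events (the layout, field names, hosts, paths and user IDs are all assumptions), converts the UTC timestamps to a chosen local offset, keeps only the last four hours as the dashboard does, counts events by process, target, system, RUID and EUID, and resolves user IDs against a constructed password-file excerpt so that events whose real and effective user IDs differ stand out for review.

```python
"""Added example, not the product's own code: aggregate constructed Linux
file-activity events along the dashboard's widget dimensions."""
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample events. The key=value layout and field names are an
# assumption; the agent's real log format is not described on the page.
SAMPLE_LOG = """\
ts=2024-02-15T03:10:00Z host=web01 proc=vi target=/etc/ssh/sshd_config op=modify ruid=1001 euid=0
ts=2024-02-15T03:12:30Z host=web01 proc=touch target=/tmp/marker op=create ruid=1001 euid=1001
ts=2024-02-15T02:50:00Z host=db02 proc=cat target=/etc/shadow op=access ruid=1002 euid=0
ts=2024-02-14T20:00:00Z host=db02 proc=vi target=/home/alice/notes op=modify ruid=1001 euid=1001
ts=2024-02-15T03:20:00Z host=web01 proc=cp target=/etc/passwd op=access ruid=0 euid=0
"""

# Constructed password-file excerpt used to map an EUID/RUID back to a name.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
"""


def parse_events(text):
    """Turn key=value lines into dicts; timestamps are UTC (agent set to UTC)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(kv.split("=", 1) for kv in line.split())
        fields["ts"] = datetime.strptime(fields["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        fields["ruid"] = int(fields["ruid"])
        fields["euid"] = int(fields["euid"])
        events.append(fields)
    return events


def parse_passwd(text):
    """Map numeric uid -> user name from passwd-style lines."""
    names = {}
    for line in text.splitlines():
        if line.strip():
            parts = line.split(":")
            names[int(parts[2])] = parts[0]
    return names


def to_local(ts, offset_hours):
    """Shift a UTC timestamp into the analyst's local offset."""
    return ts.astimezone(timezone(timedelta(hours=offset_hours)))


def recent(events, now, hours=4):
    """Keep only events inside the dashboard's default 4-hour window."""
    cutoff = now - timedelta(hours=hours)
    return [e for e in events if cutoff <= e["ts"] <= now]


def count_by(events, field):
    """Equivalent of the 'File Activity by <field>' widgets."""
    return Counter(e[field] for e in events)


def uid_mismatches(events, names):
    """Events where RUID != EUID (e.g. a setuid binary or sudo raised privileges)."""
    out = []
    for e in events:
        if e["ruid"] != e["euid"]:
            out.append((e["host"], e["proc"], e["target"],
                        names.get(e["ruid"], str(e["ruid"])),
                        names.get(e["euid"], str(e["euid"]))))
    return out


if __name__ == "__main__":
    now = datetime(2024, 2, 15, 3, 30, tzinfo=timezone.utc)  # constructed "now"
    window = recent(parse_events(SAMPLE_LOG), now)
    names = parse_passwd(PASSWD_SAMPLE)
    for field in ("proc", "target", "host", "ruid", "euid"):
        print(field, dict(count_by(window, field)))
    for host, proc, target, ruid, euid in uid_mismatches(window, names):
        print(f"review: {host} {proc} on {target} ran as {euid} (real user {ruid})")
```

Running the script reproduces the widget counts for the constructed window and lists the two events where a non-root real user acted with an effective UID of root, which is the kind of entry worth drilling into from the RUID/EUID widgets.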
