Attention This documentation does not apply to the most recent version of Wazuh. Check out the docs for the latest version.

Monitoring system calls

The Linux Audit system provides a way to track security-relevant information on your machine. Based on preconfigured rules, Audit proves detailed real-time logging about the events that are happening on your system. This information is crucial for mission-critical environments to determine the violator of the security policy and the actions they performed.