Description
Installs the user-space tools and service used by the Linux audit framework to record security-relevant system events, such as policy changes, access decisions, and selected command activity.
Administrators use auditctl, ausearch, and the auditd service to configure and inspect audit logs. It is a system security component, so rules should be planned carefully to avoid missing events or filling storage with logs.