Auth Logs
Overview
Evidence: Auth Logs
Description: Collect Auth Logs
Category: System
Platform: aix
Short Name: authl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
AIX audit logs are stored in the /audit directory and record security-relevant events including authentication attempts, privilege escalation, file access, and system configuration changes. AIX uses its own audit subsystem distinct from other Unix systems.
Data Collected
This collector gathers structured data about auth logs.
Collection Method
This collector gathers AIX audit files from /audit/*, which contain security audit trails including authentication, authorization, and access control events.
Forensic Value
AIX audit logs are essential for investigating unauthorized access, privilege escalation, security policy violations, and compliance auditing. They provide detailed security event tracking critical for forensic investigations on AIX systems.
Notes
Artifact collector for AIX. Locations: /audit/*

