Auth Logs

Overview

Evidence: Auth Logs
Description: Collect Auth Logs
Category: System
Platform: aix
Short Name: authl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

AIX audit logs are stored in the /audit directory and record security-relevant events, including authentication attempts, privilege escalation, file access, and system configuration changes. AIX uses its own audit subsystem, distinct from those of other Unix systems.

Data Collected

This collector gathers structured data about auth logs.

Collection Method

This collector gathers the AIX audit files under /audit/*, which contain security audit trails covering authentication, authorization, and access control events.

Forensic Value

AIX audit logs are essential for investigating unauthorized access, privilege escalation, security policy violations, and compliance auditing. They provide detailed security event tracking critical for forensic investigations on AIX systems.

Notes

Artifact collector for AIX. Locations: /audit/*
