Represents an audit log entry that contains standard audit attributes and auditData specific to the Microsoft 365 service.
ausearch -a 5207 # search the current audit service's logs for entries whose event ID equals 5207 --- time->Tue Feb 17 13:43:58 2009 type=PATH msg=audit(1234874638.599:5207): item=0 name="/var/log/audit/audit.log" inode=1219041 dev=08:06 mode=0100644 ouid=0 ogid=0 rdev=00:00 type=CWD msg=audit(1234874638.599:5207): cwd="...
type=SYSCALL Every record begins with type="keyword"; SYSCALL indicates that this record was triggered by a system call to the kernel. For more detailed type values and explanations, see: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-Audit_Record_Types msg=audit(1523501777.709:4172989316) In audit(time_stamp:...
For a list of the services and features that support audited activities, see Audit log record type. Audit search tool in the Microsoft Purview compliance portal. Organizations can use the Audit log search tool in the Microsoft Purview compliance portal to search for audit records. ...
You can also use the name or enum value for the record type as the value for the RecordType parameter. For a list of record type names and their corresponding enum values, see the AuditLogRecordType table in Office 365 Management Activity API schema. ...
For more information, see Export, configure, and view audit log records. You can also use the Search-UnifiedAuditLog -RecordType ExchangeAdmin command in Exchange Online PowerShell to return only audit records from the Exchange admin audit log. It may take up to 30 minutes after an Exchange ...
The Application Audit logs monitor and record any configuration changes to the system that were made by a user or as a result of the user action. Note The Application Audit Logs (Linux auditd) can be enabled or disabled only through the CLI. Other than...
keyType=’2’ encrType=’2’ keySize=’1024’ pubKey=’’ privKey=’’ fingerPrint=’’ fingerPrintRaw=’’ lastModifiedBy=’acmin@console’ lastModifiedDate=’2009-03-05 15:51:39> </sshPubKeyRecord Audit Log Format for HTTP Headers ...
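SlowLogRecord object List of SQL records. HostAddress string The IP address and port number of the client that executed the target SQL. 100.104.XX.XX:43908 Succeed string Whether the target SQL was executed successfully. Valid values: true: execution succeeded. false: execution failed. true SQLText string Details of the SQL statement. SELECT * FROM adb_hdfs_import_source TotalTime string The target SQL...
SlowLogRecord object List. HostAddress string The IP address and port number of the client that executed the target SQL. 100.104.XX.XX:43908 Succeed string Whether the target SQL was executed successfully. Valid values: true: execution succeeded. false: execution failed. true SQLText string Details of the SQL statement. SELECT * FROM tb_courses TotalTime string The execution duration of the target SQL. Unit: milli...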