Event ID Event message 4671 An application attempted to access a blocked ordinal through the TBS. 4691 Indirect access to an object was requested. 4698 A scheduled task was created. 4699 A scheduled task was deleted. 4700 A scheduled task was enabled. 4701 A scheduled task was disabled. 4702...
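The Audit Database Object Access event class occurs when database objects, such as schemas, are accessed. Audit Database Object Access event class data columns: Data column name, Data type, Description, Column ID, Filterable. ApplicationName nvarchar Name of the client application that created the connection to an instance of Microsoft SQL Server. This column is populated with the values passed by the application,...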
Audit Kernel Object Audit Other Object Access Events Audit Registry Audit Removable Storage Audit SAM Audit Central Access Policy Staging Audit Audit Policy Change Audit Authentication Policy Change Audit Authorization Policy Change Audit Filtering Platform Policy Change ...
Success Audit for Event ID 560, Object Access for user Contoso\John to the object named C:\Share\document.txt with access types READ_CONTROL, ReadData (or ListDirectory), ReadEA, and ReadAttributes User Action 3: User opens the file document.txt Events recorded on the end-user co...
the object owner's user ID. When I changed the owner of the audit_test directory to the user lbh, the record was as follows; ouid is 1001. type=PATH msg=audit(1523516175.932:4172990921): item=0 name="." inode=99213313 dev=08:11 mode=040755 ouid=1001 ogid=0 rdev=00:00 objtype=NORMAL ...
Date The date and time of the event in the local time zone. Event Name Description of the event performed. Event Details Additional details on an event, if available. Object Name The name of the product, product profile, or user group that is involved in the event, as applicable. Affect...
type=USER_LOGIN msg=audit(2019年05月09日 09:58:07.647:537) : pid=6772 uid=root auid=unset ses=unset msg='op=login acct=root exe=/usr/sbin/sshd hostname=? addr=192.168.9.165 terminal=ssh res=failed' --- type=USER_LOGIN msg=audit(2019年05月10日 03:06:53.549:2317) : pid=5003...
Audit Backup & Restore Event Class Audit Broker Conversation Event Class Audit Broker Login Event Class Audit Change Audit Event Class Audit Change Database Owner Event Class Audit Database Management Event Class Audit Database Mirroring Login Event Class Audit Database Object Access Event Class Audit...
auditctl -a exit,always -F arch=b32 -F auid=0 -S execve -k op_sec_cmd
To make the rules persistent, add the following to /etc/audit/audit.rules:
# Delete all existing rules
-D
# Monitor the execve system call
-a exit,always -F arch=b64 -F auid=0 -S execve -k op_sec_cmd ...