Auth Logs
Overview
Evidence: Auth Logs
Description: Collect Auth Logs
Category: System
Platform: aix
Short Name: authl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
The AIX audit subsystem writes its trail under /audit (the default locations are /audit/trail, the bin-mode files /audit/bin1 and /audit/bin2, and /audit/stream.out for stream mode). When the configured event classes include them, the trail records authentication attempts, privilege escalation, file access, and system configuration changes. AIX uses its own audit subsystem rather than syslog or Linux auditd: auditing is off by default and must be enabled with audit start, and the trail is a binary format that is rendered with auditpr rather than read as text.
Data Collected
This collector copies the raw files found under /audit. The files are not parsed during collection (Is Parsed: No above), so the binary trail must be rendered with auditpr, or an equivalent tool, after it has been collected.
Collection Method
This collector gathers AIX audit files from /audit/*, which contains security audit trails including authentication, authorization, and access control events.
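The following is an added example of how a practitioner can snapshot the /audit directory by hand, and is not the collector's own code. It copies every regular file with its timestamps and mode preserved, writes a cksum manifest so the copy can be verified later, and, only when the AIX auditpr and audit commands are present, renders the binary trail to text and records the audit subsystem state. The source directory is a parameter (assumed to default to /audit) so the function can be exercised on a constructed directory on any POSIX shell.

```shell
#!/bin/sh
# Added example, not part of the collector. Snapshot an AIX audit
# directory into a collection folder with an integrity manifest.
set -u

# collect_audit_dir SRC DEST
#   Copies regular files from SRC into DEST/files, records a cksum
#   manifest in DEST/manifest.txt, and prints the number of files copied.
collect_audit_dir() {
    src="${1:-/audit}"
    dest="$2"
    mkdir -p "$dest/files" || return 1
    : > "$dest/manifest.txt"
    n=0
    for f in "$src"/*; do
        [ -f "$f" ] || continue            # skip subdirectories and a non-matching glob
        base=$(basename "$f")
        cp -p "$f" "$dest/files/$base" || return 1   # -p keeps mtime, owner and mode
        # cksum is POSIX; CRC and size of the copy go into the manifest
        ( cd "$dest/files" && cksum "$base" ) >> "$dest/manifest.txt"
        n=$((n + 1))
    done
    # AIX-only steps, skipped elsewhere: render the binary trail and
    # capture the subsystem state next to the raw files.
    if command -v auditpr >/dev/null 2>&1 && [ -f "$src/trail" ]; then
        auditpr -v < "$src/trail" > "$dest/trail.txt" 2>/dev/null
    fi
    if command -v audit >/dev/null 2>&1; then
        audit query > "$dest/audit_query.txt" 2>/dev/null
    fi
    echo "$n"
}

# verify_collection DEST
#   Recomputes cksum over the copied files and compares it with the
#   manifest; returns 0 when every file still matches.
verify_collection() {
    dest="$1"
    ( cd "$dest/files" && cksum * ) | cmp -s - "$dest/manifest.txt"
}

# Stand-alone usage on a constructed directory (real use: collect_audit_dir /audit "$out"):
if [ "${1:-}" = "--demo" ]; then
    work=$(mktemp -d)
    mkdir "$work/audit"
    printf 'constructed trail bytes' > "$work/audit/trail"
    printf 'constructed bin1 bytes' > "$work/audit/bin1"
    echo "copied $(collect_audit_dir "$work/audit" "$work/out") files"
    verify_collection "$work/out" && echo "manifest verified"
fi
```

The manifest is written from the copies rather than the originals so that verify_collection can be run on the collection folder alone, which is what an analyst receives. On a live AIX host, run it before auditing is stopped or rotated, since bin-mode files are overwritten as the subsystem switches between bin1 and bin2.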
Forensic Value
AIX audit logs are essential for investigating unauthorized access, privilege escalation, security policy violations, and compliance auditing. They provide detailed per-event tracking, including the user, process, and outcome of each audited action, that is critical for forensic investigations on AIX systems. Note that events are only present if the audit subsystem was enabled, with the relevant event classes configured, before the activity of interest took place.
Artifact collector for AIX. Locations: /audit/*