about audit deamon

dear friends,

I want to configure auditd in my server for example
if some user has delete file i want to find which users as deleted that file.how should i configure it please help me it a project for me i want to implement on monday.




***********
Vijayan Linux
***********

I never used it but I took a quick look at the man pages. In your case, it appears that you would start with the audit_user command.
The auditd man page recommends that you use the audit command to start the daemon but I would make sure that the daemon started by using the ps command.
Run man audit_user for the syntax. Start the audit and then check /var/audit to see if it's entering the information that you want. The related commands are:
audit_user
audit_event
audit_control
auditd
Read the man pages for all of them.

Hi,

Thanks for reply

I have try in my end it is not that much difficult it so easy.

**********
Vijayan linux
*********