About the System Auditing module

The System Auditing module reports the security events that are audited for failure or success and what happens when the log file is full.

System auditing helps you identify unauthorized users and provides valuable tracking information during or after a break-in.

Some checks report messages that you can use to update template or snapshot files to match current agent settings. Other checks report the messages that you can use to reverse agent settings or disable user accounts. Updatable and correctable messages are identified as TU, SU, or C type messages in the descriptions of checks that use them.