How do I configure the user tty Dashboard in Linux auditd app? I have the Linux audit app running on my indexer and I know I have to configure my forwarder in order for the keystroke logging to work, but the documentation for the Linux auditd app that shows how to configure this is not helping. I followed the documentation instructions for adding the changes to the password-auth and system-auth files under the pam.d directory and I can't get it to work. Are there any more changes I need to make? Nothing in the user tty dashboard will populate. Is there any other info or documentation that could possibly help?
Assume you have run the "Configure Dashboard"? Try running it for "All time"; this will populate your learnt_posix_identities KVStore collection.
From there, to test TTY, explicitly enter a POSIX user (rather than use the wild card) in the appropriate field on the User TTY dashboard.
Works well in my environment
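
A forwarder-side check for the setup discussed in this thread, as an added example that is not part of the original posts or the app's documentation: it reads a PAM file for a `pam_tty_audit.so` session line, works out whether a given POSIX user is covered, and counts the TTY records in an audit log. It assumes the password-auth/system-auth change is a `pam_tty_audit.so` line; the function names and both samples are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample of /etc/pam.d/system-auth (not taken from the thread).
SAMPLE_PAM = """\
auth        required      pam_env.so
session     required      pam_limits.so
session     required      pam_tty_audit.so disable=* enable=root,oper*
"""

# Constructed audit.log lines; the data= value is a placeholder.
SAMPLE_AUDIT = """\
type=USER_LOGIN msg=audit(1700000000.100:41): pid=900 uid=0 auid=1000 ses=3 msg='op=login'
type=TTY msg=audit(1700000005.200:42): tty pid=901 uid=0 auid=1000 ses=3 major=136 minor=0 comm="bash" data=6C730A
"""


def tty_audit_enabled(pam_text, user):
    """True/False from the last enable=/disable= option matching user, None if nothing matches."""
    state = None
    for line in pam_text.splitlines():
        fields = line.split("#", 1)[0].split()
        # pam_tty_audit only provides the session module type.
        if len(fields) < 3 or fields[0].lstrip("-") != "session":
            continue
        if not any(f.endswith("pam_tty_audit.so") for f in fields[1:]):
            continue
        for opt in fields:
            key, _, patterns = opt.partition("=")
            if key in ("enable", "disable"):
                # Patterns are comma-separated globs; a later match overrides an earlier one.
                if any(fnmatch.fnmatchcase(user, p) for p in patterns.split(",")):
                    state = (key == "enable")
    return state


def tty_records(audit_text):
    """Return the keystroke-related audit records (type=TTY or type=USER_TTY)."""
    return [l for l in audit_text.splitlines() if re.match(r"type=(TTY|USER_TTY)\b", l)]


if __name__ == "__main__":
    for name in ("root", "operator", "alice"):
        print(name, tty_audit_enabled(SAMPLE_PAM, name))
    print("TTY records:", len(tty_records(SAMPLE_AUDIT)))
```

If the PAM check returns `None` or `False` for the user entered on the dashboard, or no TTY records reach the audit log after that user logs in again, there is nothing for the forwarder to send.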