62 questions
Does Syslog in Linux include PID information like SecurityEvent log in Windows?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 94%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECJ%3C/text%3E%3C/svg%3E)
CJ Jung
0
Reputation points
Hi
I wonder why syslog collected in Linux does not have PID information.
Is there any way to collect PID and PPID information from Linux?
For example, in Windows, SecurityEvent log include information about PID (i.e., which command is executed), so that users can trace back which process is called by which process.
Maybe it can be possible by configuring something, but I don't see this in Linux.
Anyone can give me a help?
Is creating custom log only way to do this?
Microsoft Security | Intune | Microsoft Intune Linux
Sign in to answer