"auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Viewing the logs is done with the ausearch or aureport utilities."
Slide 7
Monitor File and network access System calls Commands run by a user Security events