Linux kernel auditing: Architecture and principles
Usefulness of Audit subsystem
Components of Audit subsystem
User space component of Audit subsystem
Setting up audit system
Audit subsystem Tools
Configuring the audit daemon
Setting up audit rules
Basic audit rules
Watches on log and configuration files
Monitoring the system objects using system calls
Monitoring security configuration files
Filtering system call arguments
Audit subsystem - How does it work
An audit event record
Description:
Explore the Linux Kernel Audit Subsystem in this comprehensive conference talk by Vandana Salve from Prasme Systems. Gain insights into the architecture and principles of Linux kernel auditing, understanding its usefulness and components. Learn how to set up and configure the audit system, including the audit daemon and rules. Discover various audit subsystem tools and techniques for monitoring system objects, security configuration files, and filtering system call arguments. Delve into the inner workings of the audit subsystem and understand how audit event records are generated. This in-depth presentation provides a thorough overview of monitoring Linux systems using the Kernel Audit Subsystem, equipping you with valuable knowledge for enhancing system security and compliance.
Monitoring Linux Systems Using Kernel Audit Subsystem