audit_log_user_comm_message - Linux


audit_log_user_comm_message is a Linux tool for generating custom messages to be audited by auditd. It allows admins to create detailed audit records associated with specific user processes and commands.


audit_log_user_comm_message [options] <text>


  • -a Specify audit user-commands based on the pid field of the command’s execution instead of the comm field.
  • –null Allow input to be read from stdin and interpret it as null-terminated strings.
  • -q Suppress the header line from output.


Log a message for a specific command:

audit_log_user_comm_message "command executed"

Log a message associated with a running process:

audit_log_user_comm_message -a "process message"

Log multiple messages from stdin:

echo "msg1" | audit_log_user_comm_message
echo "msg2" | audit_log_user_comm_message --null

Common Issues

  • Ensure auditd is running and listening to events.
  • Double-check the permissions of the executable file to ensure it’s accessible.
  • Verify that the user running the command has the necessary privileges to write to the audit log.


audit_log_user_comm_message can be integrated into custom scripts or automated processes to create detailed audit trails. It can be combined with log analysis and monitoring tools for centralized viewing and archiving of audit records.

Related Commands

  • auditctl – Configures audit system settings.
  • aureport – Parses audit trails and generates reports of events.