Which command provides enhanced logging for security management in Linux?


The command that provides enhanced logging for security management in Linux is auditd. The audit daemon, known as auditd, is responsible for writing audit records to the disk and is an integral part of the Linux Auditing System. It tracks security-relevant events, enabling administrators to monitor system calls, file accesses, and other actions that could impact system integrity and security.

Using auditd, system administrators can configure detailed audit rules to specify what kinds of actions they want to monitor. This includes logging processes that interact with sensitive files or directories, ensuring compliance with security policies, and detecting anomalous behavior. The resulting logs provide valuable insights into system security and can be analyzed for compliance with standards or for forensic purposes in the event of a security incident.

In contrast, the other options serve different purposes. For instance, syslog is a standard logging system for various types of events on the system, but it does not specifically focus on security-related auditing. The logger utility makes entries in the syslog from the command line, and logrotate manages log files by rotating, compressing, and removing them, but it lacks the targeted security audit features of auditd. Thus, for enhanced security logging specifically, auditd is the appropriate choice.
