Tools for reviewing audit logs?

Wieprecht, Karen M. Karen.Wieprecht at jhuapl.edu
Tue Dec 12 22:08:30 UTC 2006


 
Steve, I'm testing the RHEL4 audit 1.0.14 now with the sample capp.rules,
and I am generating data. UGLY data. I am wondering what
tools/GUIs/scripts people are using to look at this data. I've written
scripts for Solaris and IRIX and Mac OS X to parse the audit data into a
more English-like format so it helps our admins review the logs. If I
need to, I can use your FAQ example and get the audit records to be one
per line and write my own script to parse this, but I don't want to
reproduce effort if there are nice scripts or GUIs available already.
My Google searches are leading off on lots of tangents, but I can't seem
to find what I'm after (or perhaps stuff just isn't out there?). Any
hints/tips/pointers you can provide would be greatly appreciated.

Thanks,

Karen Wieprecht




More information about the Linux-audit mailing list