processing audit data

Steve Grubb sgrubb at redhat.com
Sun Dec 9 17:30:04 UTC 2007


On Sunday 09 December 2007 11:41:24 Thorsten Scherf wrote:
> Do we have any plans to ship auditd with some kind of data processing
> tool in the future? 

That depends on what you mean.

> maybe as audispd plugin?

That would be for realtime usage...we plan to do a few for analysis and 
protocol conversion/support.

> just having a single log file with a bunch of data isn't really helpful,
> although we have tools like ausearch or aureport. customers often ask for
> something more visually. :)

Well, that is different from realtime. And yes we plan a GUI based reporting 
tool. But with the auparse library, it should be easy for anyone to write 
some apps.

-Steve
