processing audit data
Steve Grubb
sgrubb at redhat.com
Sun Dec 9 17:30:04 UTC 2007
On Sunday 09 December 2007 11:41:24 Thorsten Scherf wrote:
> Do we have any plans to ship auditd with some kind of data processing
> tool in the future?
That depends and what you mean.
> maybe as audispd plugin?
That would be for realtime usage...we plan to do a few for analysis and
protocol conversion/support.
> just having a single log file with a bunch of data isn't really helpful,
> although we have tools like ausearch or aureport. customers often ask for
> something more visually. :)
Well, that is different from realtime. And yes we plan a GUI based reporting
tool. But with the auparse library, it should be easy for anyone to write
some apps.
-Steve
More information about the Linux-audit
mailing list