announcing augrok


HP has a tool called augrok which we've used in our CAPP and LSPP
certifications.  This tool is essentially an alternative to ausearch
with a significantly more powerful query syntax.  Since it's written
in Perl instead of C, it's slower than ausearch, but it provides some
features that make testing audit fun^H^H^Htolerable. ;-)

In the past we've distributed augrok with our test suite at
http://audit-test.sourceforge.net/.  This time around we decided the
tool might be interesting to users outside of the test suite, so we
moved it to its own project.

If anybody is interested in augrok, you can find the releases,
mercurial repository and documentation at

Any questions, feel free to drop me a line.


