
Fields availability for each record type



People,

 I know this may be a FAQ, but I need to map Linux audit
events/records/fields into a CSV with predefined column meanings,
possibly one event per line, i.e.: userid; source; subject; action;
object;

I was thinking of using the Python auparse library to do such a thing.
The problem is, how can I know what fields each record type will have, and
what records can I expect from a certain event (I know there is no such
thing as an event type, but it would be good to know what other records are
available when, for example, a LOGIN or USYS_CONFIG record comes in).

Maybe I can accomplish the same thing with ausearch/aureport?

Thanks for any thoughts,

 Klaus
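
Added example, not part of the original message and not code from the audit project: a pure-Python script (it does not use auparse) that approaches both questions empirically. It groups raw audit.log lines into events by their timestamp:serial id, lists which fields each record type actually carried, and writes one CSV line per event. The sample log lines are constructed, and the mapping of audit fields onto the userid; source; subject; action; object columns is an assumption.

```python
import csv, io, re
from collections import defaultdict
# Constructed sample records in raw audit.log layout (not from a real host).
SAMPLE = """
type=LOGIN msg=audit(1700000000.100:100): pid=900 uid=0 old-auid=4294967295 auid=1000 old-ses=4294967295 ses=3 res=1
type=USER_LOGIN msg=audit(1700000000.123:101): pid=900 uid=0 auid=1000 ses=3 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=192.0.2.10 terminal=ssh res=success'
type=SYSCALL msg=audit(1700000050.500:102): arch=c000003e syscall=257 success=yes exit=3 pid=950 auid=1000 uid=1000 comm="cat" exe="/usr/bin/cat" key="etc-read"
type=PATH msg=audit(1700000050.500:102): item=0 name="/etc/hosts" inode=131 nametype=NORMAL
"""
HEADER = re.compile(r"type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)")
FIELD = re.compile(r'([\w-]+)=("[^"]*"|\S+)')

def parse(lines):
    """Group records by event id: {(timestamp, serial): [(type, fields)]}."""
    events = defaultdict(list)
    for line in lines:
        m = HEADER.match(line.strip())
        if not m:
            continue  # blank or unrecognised line
        rtype, ts, serial, body = m.groups()
        # User-space records nest their fields in msg='...'; flatten them.
        pairs = FIELD.findall(body.replace("'", " "))
        events[(ts, serial)].append((rtype, {k: v.strip('"') for k, v in pairs}))
    return events

def field_inventory(events):
    """Field names actually observed for each record type."""
    inventory = defaultdict(set)
    for records in events.values():
        for rtype, fields in records:
            inventory[rtype].update(fields)
    return inventory

def to_csv(events):
    """One line per event: userid; source; subject; action; object."""
    out = io.StringIO()
    writer = csv.writer(out, delimiter=";", lineterminator="\n")
    for records in events.values():
        merged = {}
        for _, fields in records:  # first record to carry a field wins
            for key, value in fields.items():
                merged.setdefault(key, value)
        # Assumed column mapping; adjust to the record types you collect.
        action = merged.get("op") or merged.get("syscall") or records[0][0]
        writer.writerow([merged.get("auid", ""), merged.get("addr", ""),
                         merged.get("exe", ""), action, merged.get("name", "")])
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(parse(SAMPLE.splitlines())), end="")
```

Running field_inventory() over a representative slice of your own logs shows which columns can be filled for each record type; values here are raw, so the syscall column holds the number rather than a name.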

