organizing the audit messages
Don Patterson
don.patterson at tresys.com
Fri Jun 18 16:02:32 UTC 2004
It sounds like you may be able to use the seaudit tool that comes with the
setools package. Here is a brief overview of the tool:
SeAudit is an audit log analysis tool for Security Enhanced Linux (SE Linux)
audit messages. The tool parses a given syslog and extracts all load policy
messages, AVC messages and change of boolean messages from conditional
policies. SeAudit also provides real-time log monitoring.
The tool has three main functions:
1) Browse and sort SE Linux audit messages.
2) Filter an audit log based on fields in the messages.
3) Query the policy based on data from a given audit message.
You can also use globbing expressions to construct more flexible search
filters. Check it out
(http://www.tresys.com/selinux/selinux_policy_tools.html) and see if it
meets your goals. We would welcome any feedback based upon your experience
with our tool(s). Thank you.
-Don
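As an added example (not code from this thread, from seaudit, or from the setools project), here is the parse-and-load step the original question asks about: pull the AVC records out of a syslog and put them in a small database keyed by SELinux user, security context, executable and time. The sample log lines are constructed in the kernel 2.6 / Fedora Core 2 AVC format of the period (`audit(seconds.ms:serial): avc: denied { perm } for pid=... exe=... scontext=... tcontext=... tclass=...`); the SQLite schema and the function names (`parse_avc`, `load_log`, `denials_by_user`) are assumptions of this example. One caveat the schema makes explicit: the `scontext` field carries the SELinux user identity of the process (e.g. `user_u`), not the Unix login name, so correlating a denial with "which person logged in" still needs other records (sshd or login messages).

```python
import re
import sqlite3
from datetime import datetime, timezone

# Constructed sample syslog excerpt in the 2004-era kernel AVC format.
# These lines are made up for this example and are not from the thread.
SAMPLE_LOG = """\
Jun 18 07:41:02 host kernel: audit(1087544462.117:0): avc:  denied  { read } for  pid=4211 exe=/bin/cat name=shadow dev=hda2 ino=65822 scontext=user_u:user_r:user_t tcontext=system_u:object_r:shadow_t tclass=file
Jun 18 07:41:05 host kernel: audit(1087544465.402:0): avc:  granted  { load_policy } for  pid=4230 exe=/usr/sbin/load_policy scontext=root:sysadm_r:load_policy_t tcontext=system_u:object_r:security_t tclass=security
Jun 18 07:42:11 host sshd[4301]: Accepted password for alice from 192.0.2.10 port 40122 ssh2
Jun 18 07:42:40 host kernel: audit(1087544560.009:0): avc:  denied  { write } for  pid=4310 exe=/usr/bin/vim name=hosts dev=hda2 ino=32011 scontext=user_u:user_r:user_t tcontext=system_u:object_r:etc_t tclass=file
"""

# audit(<epoch>.<ms>:<serial>): avc:  <denied|granted>  { perms } for  k=v k=v ...
AVC_RE = re.compile(
    r"audit\((?P<ts>\d+)\.\d+:(?P<serial>\d+)\): avc:\s+"
    r"(?P<verdict>denied|granted)\s+\{ (?P<perms>[^}]*)\} for\s+(?P<fields>.*)$"
)
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_avc(line):
    """Return a dict of the AVC fields, or None if the line is not an AVC message."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = dict(FIELD_RE.findall(m.group("fields")))
    scontext = fields.get("scontext", "")
    # A security context is user:role:type. The user is the SELinux identity
    # of the process, which need not equal the Unix login name.
    parts = scontext.split(":")
    seuser, serole, setype = (parts + ["", "", ""])[:3]
    return {
        "ts": int(m.group("ts")),          # epoch seconds from the audit() stamp
        "serial": int(m.group("serial")),
        "verdict": m.group("verdict"),
        "perms": m.group("perms").split(),  # e.g. ["read"]
        "pid": int(fields.get("pid", 0)),
        "exe": fields.get("exe", ""),
        "name": fields.get("name", ""),     # target object name, if present
        "seuser": seuser, "serole": serole, "setype": setype,
        "scontext": scontext,
        "tcontext": fields.get("tcontext", ""),
        "tclass": fields.get("tclass", ""),
    }


# Hypothetical schema for this example; one row per AVC record.
SCHEMA = """
CREATE TABLE avc (
    ts INTEGER NOT NULL, serial INTEGER, verdict TEXT NOT NULL, perms TEXT NOT NULL,
    pid INTEGER, exe TEXT, name TEXT,
    seuser TEXT, serole TEXT, setype TEXT, scontext TEXT,
    tcontext TEXT, tclass TEXT
);
CREATE INDEX avc_user_ts ON avc (seuser, ts);
"""


def load_log(text):
    """Parse every AVC line in `text` into an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    rows = [r for r in map(parse_avc, text.splitlines()) if r is not None]
    conn.executemany(
        "INSERT INTO avc VALUES (:ts,:serial,:verdict,:perms,:pid,:exe,:name,"
        ":seuser,:serole,:setype,:scontext,:tcontext,:tclass)",
        [dict(r, perms=" ".join(r["perms"])) for r in rows],
    )
    conn.commit()
    return conn


def denials_by_user(conn, seuser):
    """Which SELinux user, in which context, ran what, and when it was denied."""
    cur = conn.execute(
        "SELECT ts, scontext, exe, perms, tcontext, tclass FROM avc "
        "WHERE verdict = 'denied' AND seuser = ? ORDER BY ts",
        (seuser,),
    )
    return [
        (datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(),
         sc, exe, perms, tc, tclass)
        for ts, sc, exe, perms, tc, tclass in cur
    ]


if __name__ == "__main__":
    db = load_log(SAMPLE_LOG)
    for row in denials_by_user(db, "user_u"):
        print(*row)
```

The non-AVC sshd line is skipped by the parser; the same filtering is what lets a tool like seaudit pick AVC, load-policy and boolean messages out of a general syslog. Timestamps come from the `audit(...)` stamp rather than the syslog prefix, since the former carries the year and sub-second precision.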
-----Original Message-----
From: fedora-selinux-list-bounces at redhat.com
[mailto:fedora-selinux-list-bounces at redhat.com] On Behalf Of Ismail Iyigunler
Sent: Friday, June 18, 2004 7:43 AM
To: fedora-selinux-list at redhat.com
Subject: organizing the audit messages
Hi
Can we compose the audit messages for building a simple database to find which
user with which security context, executed which command and when he/she did
this? How can we build this?
Thanks!