Machine readable ausearch output

Steve Grubb sgrubb at redhat.com
Tue Jun 21 16:40:31 UTC 2005


On Tuesday 21 June 2005 11:57, John D. Ramsdell wrote:
> There are many choices available for machine readable output.  Let me
> list four.

These seem simple enough that something like awk or perl might be able to do 
it for you. This means piping ausearch output to awk/perl and then to your 
program that consumes it.

In the next round of development, I am planning to allow extracting ausearch 
data into a database such as SQLite. This is to facilitate the audit 
explorer tool.

I am also planning to pull the ausearch program apart and make a library that 
people could use to access records programmatically. It might be better to 
use this to create a translator program.

The other area that will be developed is the ability to subscribe for event 
notification. No format has been chosen for event notification at this point.

Do any of these sound like they align with your needs?

-Steve
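
The awk pipeline suggested above, as an added example that is not part of the original message or of the audit tools: it flattens raw audit records into one tab-separated line per field. The output layout, the function names audit2tsv and sample_records, and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit2tsv: flatten raw audit records (as printed by ausearch) into one
# tab-separated line per field: timestamp, serial, record type, key, value.
# This output layout is an assumption for the example, not an ausearch format.
audit2tsv() {
  awk '
  BEGIN {
    OFS = "\t"; q = "\047"                       # q holds a single quote
    # one key=value token; the value may be "double" or single quoted
    tok = "^[^ =]+=(\"[^\"]*\"|" q "[^" q "]*" q "|[^ ]*)"
  }
  # only lines carrying the msg=audit(<time>:<serial>): header are records
  match($0, /msg=audit\([0-9]+\.[0-9]+:[0-9]+\):/) {
    hdr = substr($0, RSTART + 10, RLENGTH - 12)  # "<time>:<serial>"
    split(hdr, id, ":")
    rest = substr($0, RSTART + RLENGTH)          # fields after the header
    type = "UNKNOWN"
    if (match($0, /type=[^ ]+/)) type = substr($0, RSTART + 5, RLENGTH - 5)
    while (rest != "") {
      sub(/^ +/, "", rest)
      if (!match(rest, tok)) {                   # not key=value: skip one word
        if (!sub(/^[^ ]+ */, "", rest)) break
        continue
      }
      kv = substr(rest, 1, RLENGTH); rest = substr(rest, RLENGTH + 1)
      eq = index(kv, "=")
      key = substr(kv, 1, eq - 1); val = substr(kv, eq + 1)
      c = substr(val, 1, 1)
      if (c == "\"" || c == q) val = substr(val, 2, length(val) - 2)
      gsub(/\t/, " ", val)                       # a tab in a value would break columns
      print id[1], id[2], type, key, val
    }
  }'
}

sample_records() {   # constructed sample input, not from a real system
  cat <<'EOF'
----
time->Tue Jun 21 16:40:31 2005
type=PATH msg=audit(1119372031.123:42): name="/etc/shadow" inode=1234 dev=03:02
type=USER_AUTH msg=audit(1119372040.500:43): user pid=2350 uid=0 msg='PAM: authentication acct=root res=success'
EOF
}

sample_records | audit2tsv
```

In real use the input would come from ausearch itself, piped into audit2tsv and then into the consuming program; separator and time-> lines are dropped because they carry no msg=audit header.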



