How to read audit log?

Wieprecht, Karen M. Karen.Wieprecht at jhuapl.edu
Tue Sep 25 14:50:13 UTC 2007


>> Your best bet might be to use the auparse library, or ausearch which
>> knows how to interpret the audit log format for you and can present the
>> information in a human friendly format.

I would really like to see a sample of what the auparse output looks
like. I have a Perl script that sucks the output of ausearch into a
key-value hash table from which I have other code that determines how to
print this in a human friendly format, but I'm wondering if auparse
can replace that or if all it does for me is to get the information into
the key-value hash table so I can decide how I want to format the output
... Anyone have a sample of what they have done with any particular
record type and what auparse does with it on the output end?

Thanks,

Karen Wieprecht 
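
Added example, not part of the original post and not auparse's own output: a Python sketch of the key-value approach described above, grouping raw audit records by event serial and decoding hex-encoded string fields. The sample records are constructed, and the names `parse_events`, `decode` and `ENCODED` are hypothetical; the set of fields treated as possibly hex-encoded is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample records in the raw audit.log layout (not from the post).
SAMPLE = """\
type=SYSCALL msg=audit(1190731813.123:456): arch=c000003e syscall=2 success=yes exit=3 pid=2101 uid=500 comm="cat" exe="/bin/cat" key="shadow-read"
type=CWD msg=audit(1190731813.123:456): cwd="/home/demo"
type=PATH msg=audit(1190731813.123:456): item=0 name="/etc/shadow" inode=12345 mode=0100400
type=SYSCALL msg=audit(1190731820.500:457): arch=c000003e syscall=59 success=yes exit=0 pid=2102 uid=500 comm=6D7920746F6F6C exe="/usr/bin/perl"
"""

# type=<TYPE> msg=audit(<secs>.<ms>:<serial>): <field=value ...>
HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')

# Assumption: string fields the kernel may emit unquoted and hex-encoded
# when the value contains spaces or other special characters.
ENCODED = {"comm", "exe", "name", "cwd"}

def decode(field, value):
    """Return a readable value: strip quotes, or undo hex encoding."""
    if value.startswith('"'):
        return value[1:-1]
    if field in ENCODED and HEX.fullmatch(value):
        return bytes.fromhex(value).decode("utf-8", "replace")
    return value

def parse_events(text):
    """Map event serial -> list of records, each a field/value dict."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip lines that are not audit records
        rtype, secs, ms, serial, body = m.groups()
        rec = {"type": rtype, "time": float(f"{secs}.{ms}")}
        rec.update((k, decode(k, v)) for k, v in FIELD.findall(body))
        events[int(serial)].append(rec)  # one event spans several records
    return dict(events)

if __name__ == "__main__":
    for serial, records in sorted(parse_events(SAMPLE).items()):
        for rec in records:
            print(serial, rec)
```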



