log files

LC Bruzenak lenny at magitekltd.com
Fri Jun 17 18:27:00 UTC 2011


On Fri, 2011-06-17 at 14:15 -0400, Pittigher, Raymond - ES wrote:
> What do the users of this list use to read the log files? I have tried
> Spacewalk (which is nice) but it is a lot of software to install to read
> logs. I have looked at Prewikka but do not have it totally configured
> yet to give it an OK or not.

My experiences (I assume you specifically mean the audit logs):

Prewikka would be for IDS events only with the prelude plugin.
I use the audit-viewer with pre-constructed list tabs to match events
necessary for verification testing.
For faster results when looking for specific events or investigation, I
use the command line tools aureport and ausearch.

What would be great IMHO is to have a prewikka-like web interface for
the audit events.

HTH,
LCB
-- 
LC (Lenny) Bruzenak
lenny at magitekltd.com




More information about the Linux-audit mailing list