log files

Pittigher, Raymond - ES Raymond.Pittigher at itt.com
Fri Jun 17 18:32:13 UTC 2011


_______________________________________
From: LC Bruzenak [lenny at magitekltd.com]
Sent: Friday, June 17, 2011 2:27 PM
To: Pittigher, Raymond - ES
Cc: linux-audit at redhat.com
Subject: Re: log files

On Fri, 2011-06-17 at 14:15 -0400, Pittigher, Raymond - ES wrote:
> What do the users of this list use to read the log files? I have tried
> Spacewalk (which is nice) but is a lot of software to install to read
> logs. I have looked at Prewikka but do not have it totally configured
> yet to give it an OK or not.

My experiences (I assume you specifically mean the audit logs):

Prewikka would be for IDS events only with the prelude plugin.
I use the audit-viewer with pre-constructed list tabs to match events
necessary for verification testing.
For faster results when looking for specific events or investigation, I
use the command line tools aureport and ausearch.

What would be great IMHO is to have a prewikka-like web interface for
the audit events.

HTH,
LCB
--
LC (Lenny) Bruzenak
lenny at magitekltd.com


I also used the au tools (aureport, aufind, etc.) but just wanting an average user to view the bad events brings the need of a point and click interface. The people that now read the audit events for the Windows servers are spoiled by the cornerbowl tool. I tossed together a little script that dumps the audit events into an array, then sorts them and dumps them out, but the users want a red background for bad and so on. Before I went crazy trying to put something together I wanted to see what was out in the wild. I guess something that dumps the files into MySQL tables would be the easiest to work with.

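The approach described in the message above (load the audit events, sort them, flag the bad ones), as an added Python example that is not part of the original thread or the poster's script. The sample records are constructed, and treating `success=no` or `res=failed` as "bad" is an assumption of this example.

```python
import re
from collections import OrderedDict

# Constructed sample records in the raw audit.log layout (not from a real host).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1308335400.100:101): arch=c000003e syscall=2 success=yes exit=3 auid=500 uid=500 comm="cat" exe="/bin/cat" key="etc-read"
type=PATH msg=audit(1308335400.100:101): item=0 name="/etc/hosts" inode=1234 mode=0100644
type=SYSCALL msg=audit(1308335533.250:102): arch=c000003e syscall=2 success=no exit=-13 auid=500 uid=500 comm="cat" exe="/bin/cat" key="shadow-read"
type=PATH msg=audit(1308335533.250:102): item=0 name="/etc/shadow" inode=5678 mode=0100400
type=USER_AUTH msg=audit(1308335300.000:100): user pid=2001 uid=0 auid=4294967295 msg='PAM: authentication acct="root" : exe="/usr/sbin/sshd" (hostname=?, addr=192.0.2.10, terminal=ssh res=failed)'
"""

# Every record starts with its type and an event ID of the form time:serial.
HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$")
# Assumption of this example: these two fields mark an event as "bad".
FAILED = re.compile(r"\bsuccess=no\b|\bres=failed\b")

def parse_events(text):
    """Group records sharing a (timestamp, serial) pair into one event."""
    events = OrderedDict()
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip blank or truncated lines
        rtype, ts, serial, body = m.groups()
        ev = events.setdefault((float(ts), int(serial)),
                               {"time": float(ts), "serial": int(serial),
                                "types": [], "bad": False, "records": []})
        ev["types"].append(rtype)
        ev["records"].append(body)
        # One failed record is enough to flag the whole event.
        ev["bad"] = ev["bad"] or bool(FAILED.search(body))
    return list(events.values())

def triage(text):
    """Failed events first, then oldest first within each group."""
    return sorted(parse_events(text), key=lambda e: (not e["bad"], e["time"]))

if __name__ == "__main__":
    for ev in triage(SAMPLE_LOG):
        flag = "BAD " if ev["bad"] else "ok  "
        print(flag, ev["serial"], "+".join(ev["types"]))
```

The `bad` flag on each event is the value a viewer would map to a highlight colour, and the event dictionaries carry the fields a database loader would insert as one row per event.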



