log files

Pittigher, Raymond - ES Raymond.Pittigher at itt.com
Fri Jun 17 21:33:21 UTC 2011


From: LC Bruzenak [lenny at magitekltd.com]
Sent: Friday, June 17, 2011 3:56 PM
To: Pittigher, Raymond - ES
Cc: linux-audit at redhat.com
Subject: Re: log files

On Fri, 2011-06-17 at 15:15 -0400, Pittigher, Raymond - ES wrote:
>
> The plan would be to rotate the log at midnight Saturday, use the
> aureport to read the file and give it some kind of format, dump the data
> into a mysql database, then parse it with php on an apache server with a
> firefox front end. Or something like that.

OK; that was my thinking as well.
Only I roll mine up each day already and move them out of the way.

I think you would likely use a custom program which used the parse libs
to extract the searchable elements from each event.

What I was wondering is if on the front end (cgi+browser-side) you had
something in mind which existed already - or if you would code it up
from scratch with the php-mysql piece?

Thx,
LCB

--
LC (Lenny) Bruzenak
lenny at magitekltd.com

All I know is the PHP/MySQL stuff so that would be the plan. I only asked on the list to see if someone already started it or if something is out in the wild. The module for Spacewalk (and probably satellite) is nice and would probably use Joshua Roys's auc program to clean up the data. I have Prewikka installed on a spare RHEL5 server to test with but it seems that it needs to have something written to handle reading the audit log data. I only started to look at it and was mostly interested in Spacewalk because it is a RedHat program and would fit nicely in our RedHat shop. Using the LAMP stack would also make it easy to connect from anywhere with anything.

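Added example, not part of the original thread or any poster's code: a sketch of the "extract the searchable elements from each event" step discussed above. It assumes a plain regex parser in place of the audit parse libraries, SQLite standing in for MySQL, and a hypothetical audit_field table and SEARCHABLE field list; the sample records are constructed.

```python
import re
import sqlite3

# Constructed sample records in raw audit.log format (not taken from the thread).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1308346401.123:456): arch=c000003e syscall=2 success=no exit=-13 uid=500 auid=500 comm="cat" exe="/bin/cat" key="shadow-read"
type=PATH msg=audit(1308346401.123:456): item=0 name="/etc/shadow" inode=1234 mode=0100400
type=USER_LOGIN msg=audit(1308346460.002:457): pid=2101 uid=0 auid=500 msg='op=login acct="alice" exe="/usr/sbin/sshd" hostname=10.0.0.5 res=success'
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+)\.\d+:(\d+)\): ?(.*)$")
FIELD = re.compile(r"""(\w+)=("[^"]*"|'[^']*'|\S+)""")
# Assumed set of fields worth searching on; adjust to the site's audit rules.
SEARCHABLE = {"uid", "auid", "exe", "key", "name", "acct", "hostname", "success", "res"}

def parse_fields(body):
    """Split a record body into name/value pairs, flattening a nested msg='...'."""
    fields = {}
    for name, raw in FIELD.findall(body):
        if raw.startswith("'"):  # USER_* records wrap their fields in msg='...'
            fields.update(parse_fields(raw[1:-1]))
        else:
            fields[name] = raw.strip('"')
    return fields

def build_index(log_text, db_path=":memory:"):
    """Load searchable fields into a table keyed by the event serial number."""
    db = sqlite3.connect(db_path)
    db.execute("CREATE TABLE IF NOT EXISTS audit_field "
               "(serial INTEGER, ts INTEGER, rtype TEXT, name TEXT, value TEXT)")
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # not an audit record; skip rather than guess
        rtype, secs, serial, body = m.groups()
        rows = [(int(serial), int(secs), rtype, k, v)
                for k, v in parse_fields(body).items() if k in SEARCHABLE]
        # Bound parameters: log values are untrusted and must never be spliced into SQL.
        db.executemany("INSERT INTO audit_field VALUES (?, ?, ?, ?, ?)", rows)
    db.commit()
    return db

def events_with(db, name, value):
    """Return serials of events in which any record carries name=value."""
    cur = db.execute("SELECT DISTINCT serial FROM audit_field "
                     "WHERE name = ? AND value = ? ORDER BY serial", (name, value))
    return [row[0] for row in cur]

if __name__ == "__main__":
    print(events_with(build_index(SAMPLE_LOG), "name", "/etc/shadow"))
```

Records that share a serial number belong to one event, so a web front end can look up a serial with events_with and then fetch every row for that serial to show the whole event.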



