log rendering in real time in audit-viewer
Miloslav Trmač
mitr at redhat.com
Wed Mar 4 17:50:53 UTC 2015
Hello,
> Hello Miloslav, and all the guys!
>
> We use audit-viewer for events monitoring.
> Unfortunately, if some log is rather big it takes too much time for
> audit-viewer to parse and render it.
> Besides, we need to render log updates in real time, i.e. when a new line
> appears in a log, it should appear in a viewer too.
> Can you suggest a better way to extend audit-viewer to meet these
> requirements?
Well, write the code? Something like inotify could be useful. There isn’t any hidden switch to enable these features, if that is what you are asking.
As for performance, I may have missed something but I think I have squeezed as much as can be done with Python; improving performance further would very likely require a C extension.
(audit-viewer is a PyGtk2 application, and I’m afraid I don’t currently have plans to port it to GTK+3/gobject-introspection or do any other non-trivial work on the project, at least in the near term.)
Mirek
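
The incremental read that an inotify-driven viewer would need, as an added example that is not part of the original post or of audit-viewer: on each wake-up it returns only the records appended since the last call, holding back a half-written line and starting over when the log is rotated or truncated. The names `AuditLogFollower` and `poll` are hypothetical, the record layout assumed is the raw `type=... msg=audit(time:serial):` line format, and the one-second loop at the bottom is a stand-in for the inotify wake-up.

```python
import os
import re
import sys
import time

# Header of a raw audit record: type=NAME msg=audit(SECONDS.MILLIS:SERIAL): fields
RECORD_RE = re.compile(r"type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): ?(.*)")


class AuditLogFollower:
    """Hypothetical helper: returns only the records appended since the last poll."""

    def __init__(self, path):
        self.path = path
        self.inode = None    # inode of the file the offset refers to
        self.offset = 0      # bytes of that file already consumed
        self.partial = b""   # tail of a line whose newline has not arrived yet

    def poll(self):
        """Return new complete records as (type, timestamp, serial, fields) tuples."""
        try:
            f = open(self.path, "rb")
        except FileNotFoundError:
            return []        # mid-rotation: the new file does not exist yet
        with f:
            st = os.fstat(f.fileno())
            if st.st_ino != self.inode or st.st_size < self.offset:
                # Rotated or truncated: restart at the top of the current file.
                self.inode, self.offset, self.partial = st.st_ino, 0, b""
            f.seek(self.offset)
            data = f.read()
            self.offset = f.tell()
        # Everything before the last newline is complete; keep the rest for later.
        *lines, self.partial = (self.partial + data).split(b"\n")
        records = []
        for line in lines:
            m = RECORD_RE.match(line.decode("utf-8", "replace"))
            if m:
                records.append((m.group(1), m.group(2), int(m.group(3)), m.group(4)))
        return records


if __name__ == "__main__":
    # Stand-in wake-up loop; a viewer would call poll() from its inotify handler.
    follower = AuditLogFollower(sys.argv[1])
    while True:
        for record in follower.poll():
            print(record)
        time.sleep(1)
```

Records that share a timestamp and serial belong to the same audit event, so a viewer would group the returned tuples on that pair before rendering.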