log rendering in real time in audit-viewer

[Steve Grubb]

On Wednesday, March 04, 2015 12:50:53 PM Miloslav Trmač wrote:
> Hello,
> 
> > Hello Miloslav, and all the guys!
> > 
> > We use audit-viewer for events monitoring.
> > Unfortunately, if some log is rather big it takes to much time for
> > audit-viewer to parse and render it.
> > Besides, we need to render log updates in real time, i.e. when a new line
> > appears in a log, it should appear in a viewer too.
> > Can you suggest the better way to extend audit-viewer to meet these
> > requirements?
> 
> Well, write the code?  Something like inotify could be useful.  There isn’t
> any hidden switch to enable these features, if that is what you are asking.
> 
> As for performance, I may have missed something but I think I have squeezed
> as much as can be done with Python; improving performance further would
> very likely require a C extension.

And it also uses the auparse library underneath which might could use some 
speeding up. There were some performance improvements over the last year. But 
I don't know if that is enough to be noticeable in a high level application. 
But it would be another obvious place that could be a performance bottleneck.

-Steve
 
> (audit-viewer is a PyGtk2 application, and at I’m afraid I don’t currently
> have plans to port it to GTK+3/gobject-introspection or do any other
> non-trivial work on the project, at least in the near term.) Mirek