Re: Announcing audit-viewer

[LC Bruzenak <lenny@magitekltd.com>]

Mirek,

First thing I want to say is that this is a really good first release
tool! There are a lot of things I like and so far not a lot I don't.
I have a couple of questions though:

1: The filters all seem to work fine, and I like the ability to store
the filter config. One thing I believe would be helpful, though, it to
have a way of temporarily filtering from the main screen without having
to add a specific filter, save it and then later remove it.
Like a "filter on": button added near the "Edit". It would need a
corresponding "clear" to reset. I recall my own use of the handy
Evolution mail search tool.

2: I'd also like to be able to launch results in a new window. The
reason for this is I see how helpful it would be to see, as an example,
a side-by-side audit comparison between hosts. What I'd do is filter on
a particular hostname & open that in a new window. Then I'd filter on a
different hostname and open those results in a new window. Then I could
easily compare what 2 different machines audit results look like. This
would be in a situation where I am seeing some audit anomaly or some key
in the audit data on one host but not another.

I'd consider these to be non-critical enhancements because I can do
everything I say above in (1) by making more filter configs and loading
those. I can also do the request in (2) by launching multiple
audit-viewers and then manipulating as desired.

But so far in my testing these are the things I see which would be
helpful and I thought you would appreciate some feedback. Again, kudos
on a nice initial release!

LCB.
-- 
LC (Lenny) Bruzenak
lenny@magitekltd.com