processing audit data

processing audit data

[Thorsten Scherf]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HI folks,

wo we have any plans to ship auditd with some kind of data processing
tool in the future? maybe as audispd plugin? just having a single log
file with a bunch of data isn't really helpful, although we have tools
like ausearch or aureport. customers often ask for something more
visually. :)

Thanks,
Thorsten

- --
Life is complicated, sendmail.cf reflects this!


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHXBq0wfkoLTuSgLsRAtUFAJsFg1Sga8AYFmqEOy70CcCcp5kknACglTY3
mIgugCnhnnrYWzR+0fFyW9g=
=rFNq
-----END PGP SIGNATURE-----

Re: processing audit data

[Steve Grubb]

On Sunday 09 December 2007 11:41:24 Thorsten Scherf wrote:
> Do we have any plans to ship auditd with some kind of data processing
> tool in the future? 

That depends and what you mean.

> maybe as audispd plugin?

That would be for realtime usage...we plan to do a few for analysis and 
protocol conversion/support.

> just having a single log  file with a bunch of data isn't really helpful,
> although we have tools like ausearch or aureport. customers often ask for
> something more visually. :)

Well, that is different from realtime. And yes we plan a GUI based reporting 
tool. But with the auparse library, it should be easy for anyone to write 
some apps.

-Steve