From mboxrd@z Thu Jan  1 00:00:00 1970
From: Miloslav =?UTF-8?Q?Trma=C4=8D?= <mitr@redhat.com>
Subject: Re: Cooked audit log format
Date: Mon, 12 May 2008 16:09:40 +0000
Message-ID: <1210608580.2649.39.camel@amilo>
References: <482767E0.10506@redhat.com>
	<200805121043.17906.sgrubb@redhat.com> <48285C0C.5070809@redhat.com>
	<200805121119.46856.sgrubb@redhat.com>
	<1210607435.6847.14.camel@homeserver>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: quoted-printable
Return-path: <linux-audit-bounces@redhat.com>
Received: from pobox.stuttgart.redhat.com (pobox.stuttgart.redhat.com
	[172.16.2.10])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m4CGMMep020172
	for <linux-audit@redhat.com>; Mon, 12 May 2008 12:22:23 -0400
Received: from [10.32.4.43] (vpn-4-43.str.redhat.com [10.32.4.43])
	by pobox.stuttgart.redhat.com (8.13.1/8.13.1) with ESMTP id
	m4CGMLR2008555
	for <linux-audit@redhat.com>; Mon, 12 May 2008 12:22:22 -0400
In-Reply-To: <1210607435.6847.14.camel@homeserver>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Hello,
LC Bruzenak p=C3=AD=C5=A1e v Po 12. 05. 2008 v 10:50 -0500:
> Q: Will the (hopefully) soon-to-be released visualization tool have any
> influence on this discussion?
I hope so.

>  Also aggregation?
Probably not much.

> Regardless, my original question was would more cooking find its way
> into the visualization tool? And any idea of when that may be released?
A preliminary version will be easily installable in a few days; you can
download a tarball from https://fedorahosted.org/audit-viewer right now,
but building the required python-gtkextra bindings requires some
effort.[1]

audit-viewer currently uses libauparse to interpret field values, and
does not add its own transformations.  Some additional value
transformation / computation is planned, but I'd like to add it to
libauparse, not directly to audit-viewer, to make sure other tools
behave consistently.
	Mirek

[1] You can extract the necessary patches from the Fedora packaging CVS.