From mboxrd@z Thu Jan  1 00:00:00 1970
From: LC Bruzenak <lenny@magitekltd.com>
Subject: Re: Announcing audit-viewer
Date: Tue, 27 May 2008 10:20:41 -0500
Message-ID: <1211901641.6568.29.camel@homeserver>
References: <1210932706.2822.45.camel@amilo>
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <1210932706.2822.45.camel@amilo>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Miloslav =?UTF-8?Q?Trma=C4=8D?= <mitr@redhat.com>
Cc: linux-audit <linux-audit@redhat.com>
List-Id: linux-audit@redhat.com

Mirek,

First thing I want to say is that this is a really good first release
tool! There are a lot of things I like and so far not a lot I don't.
I have a couple of questions though:

1: The filters all seem to work fine, and I like the ability to store
the filter config. One thing I believe would be helpful, though, it to
have a way of temporarily filtering from the main screen without having
to add a specific filter, save it and then later remove it.
Like a "filter on": button added near the "Edit". It would need a
corresponding "clear" to reset. I recall my own use of the handy
Evolution mail search tool.

2: I'd also like to be able to launch results in a new window. The
reason for this is I see how helpful it would be to see, as an example,
a side-by-side audit comparison between hosts. What I'd do is filter on
a particular hostname & open that in a new window. Then I'd filter on a
different hostname and open those results in a new window. Then I could
easily compare what 2 different machines audit results look like. This
would be in a situation where I am seeing some audit anomaly or some key
in the audit data on one host but not another.

I'd consider these to be non-critical enhancements because I can do
everything I say above in (1) by making more filter configs and loading
those. I can also do the request in (2) by launching multiple
audit-viewers and then manipulating as desired.

But so far in my testing these are the things I see which would be
helpful and I thought you would appreciate some feedback. Again, kudos
on a nice initial release!

LCB.
-- 
LC (Lenny) Bruzenak
lenny@magitekltd.com