From mboxrd@z Thu Jan 1 00:00:00 1970 From: LC Bruzenak Subject: Re: log files Date: Fri, 17 Jun 2011 13:27:00 -0500 Message-ID: <1308335220.7213.6.camel@lcb> References: <6815A555A0B82148AEFE4966093BBBF5366DD7A644@USFWA1EXMBX3.itt.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from mx1.redhat.com (ext-mx12.extmail.prod.ext.phx2.redhat.com [10.5.110.17]) by int-mx02.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id p5HIR8Mw007541 for ; Fri, 17 Jun 2011 14:27:08 -0400 Received: from webserver.magitekltd.com (rrcs-24-242-137-197.sw.biz.rr.com [24.242.137.197]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p5HIR7Qg006775 for ; Fri, 17 Jun 2011 14:27:08 -0400 In-Reply-To: <6815A555A0B82148AEFE4966093BBBF5366DD7A644@USFWA1EXMBX3.itt.net> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: "Pittigher, Raymond - ES" Cc: "linux-audit@redhat.com" List-Id: linux-audit@redhat.com On Fri, 2011-06-17 at 14:15 -0400, Pittigher, Raymond - ES wrote: > What do the users of this list use to read the log files? I have tried > Spacewalk (which is nice) but is a lot of software to install to read > logs. I have looked at Prewikka but do not have it totally configured > yet to give it a OK or not. My experiences (I assume you specifically mean the audit logs): Prewikka would be for IDS events only with the prelude plugin. I use the audit-viewer with pre-constructed list tabs to match events necessary for verification testing. For faster results when looking for specific events or investigation, I use the command line tools aureport and ausearch. What would be great IMHO is to have a prewikka-like web interface for the audit events. HTH, LCB -- LC (Lenny) Bruzenak lenny@magitekltd.com