public inbox for linux-audit@redhat.com
From: Steve Grubb <sgrubb@redhat.com>
To: James Antill <jantill@redhat.com>
Cc: linux-audit@redhat.com, "Wieprecht, Karen M." <Karen.Wieprecht@jhuapl.edu>
Subject: Re: How to read audit log?
Date: Tue, 25 Sep 2007 13:02:46 -0400	[thread overview]
Message-ID: <200709251302.47171.sgrubb@redhat.com> (raw)
In-Reply-To: <1190738632.22109.54.camel@code.and.org>

On Tuesday 25 September 2007 12:43:52 James Antill wrote:
> > Yes. It would let you write an app that is more efficient than using perl
> > on ausearch output.
>
>  That's not really true,

Sure it is. perl cannot do the interpretations. So you'd have to spend time 
writing all that code and maintain it or use ausearch to provide you that 
functionality.

>  and when it is true it's only because ausearch is so slow at doing "cat":

It does a lot more than "cat". For example, it understands the ordering 
requirements of the logs and searches them in the correct order. It also 
assembles the records into an event before presenting them. It interprets 
some of the data so that it's more usable even if you don't ask for a full 
interpretation.

-Steve
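As an added example of the record-assembly and ordering step Steve describes (this is not his code nor anything from the audit project): every record of one event shares the same audit(timestamp:serial) identifier, so grouping on that key and then sorting by it reproduces what ausearch does before printing. The sample lines are constructed to look like audit.log records and are assumptions, not real log data.

```python
import re
from collections import OrderedDict

# Constructed sample audit.log lines (not from the page); the USER_LOGIN record
# is deliberately placed after serial 42 to show that file order is not event order.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1190738632.101:42): arch=c000003e syscall=2 success=yes exit=3 uid=0 auid=500 comm="cat" exe="/bin/cat" key="etc-access"
type=CWD msg=audit(1190738632.101:42):  cwd="/root"
type=PATH msg=audit(1190738632.101:42): item=0 name="/etc/shadow" inode=1234 mode=0100400 ouid=0 ogid=0
type=USER_LOGIN msg=audit(1190738630.500:41): pid=900 uid=0 auid=500 msg='op=login id=500 exe="/usr/sbin/sshd" res=success'
type=EOE msg=audit(1190738632.101:42):
"""

# type=<TYPE> msg=audit(<seconds.millis>:<serial>): <key=value ...>
HEADER_RE = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
# Values may be bare, double-quoted, or single-quoted (nested msg='...' blocks).
FIELD_RE = re.compile(r'''(\w+)=("[^"]*"|'[^']*'|\S+)''')


def parse_record(line):
    """Split one raw line into (event_id, time, serial, type, fields) or None."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    rtype, ts, serial, body = m.groups()
    fields = {k: v.strip('"\'') for k, v in FIELD_RE.findall(body)}
    return (ts, int(serial)), float(ts), int(serial), rtype, fields


def assemble_events(lines):
    """Group records sharing an audit(ts:serial) id into one event, then
    return the events ordered by (timestamp, serial) instead of file order."""
    events = OrderedDict()
    for line in lines:
        parsed = parse_record(line)
        if parsed is None:
            continue  # skip lines that are not audit records
        event_id, time, serial, rtype, fields = parsed
        ev = events.setdefault(event_id, {"time": time, "serial": serial, "records": []})
        ev["records"].append({"type": rtype, "fields": fields})
    return sorted(events.values(), key=lambda e: (e["time"], e["serial"]))


def events_with_key(events, key):
    """Select assembled events whose SYSCALL record carries the given rule key."""
    return [e for e in events
            if any(r["type"] == "SYSCALL" and r["fields"].get("key") == key
                   for r in e["records"])]
```

Calling `assemble_events(SAMPLE_LOG.splitlines())` yields serial 41 before 42 even though it appears later in the file, with the four records of serial 42 (SYSCALL, CWD, PATH, EOE) collected under one event.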
