From: Dan Gruhn
Subject: Audit Logs and EventLog Analyzer
Date: Wed, 14 Jan 2009 13:56:57 -0500
Message-ID: <496E3579.4030505@groupw.com>
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

I'm currently using AdventNet's EventLog Analyzer for auditing of a secure Windows machine and thought it would be nice to use for a secure RHEL 5.2 cluster as well, since people would only need to use one interface. It seems to do well with the syslog entries, but I don't see anything about getting the auditd/audit.log entries into it.

Can anyone point me to some information on how to do this, or should I give up on this and go the Prewikka route?

Thanks,
Dan