Steve,

I'm testing the RHEL4 audit 1.0.14 now with the sample capp.rules, and I am generating data. UGLY data. I am wondering what tools/GUIs/scripts people are using to look at this data. I've written scripts for Solaris and IRIX and Mac OS X to parse the audit data into a more English-like format so it helps our admins review the logs.

If I need to, I can use your FAQ example and get the audit records to be one per line and write my own script to parse this, but I don't want to reproduce effort if there are nice scripts or GUIs available already. My Google searches are leading off on lots of tangents, but I can't seem to find what I'm after (or perhaps stuff just isn't out there?). Any hints/tips/pointers you can provide would be greatly appreciated.

Thanks,
Karen Wieprecht
