>> Your best bet might be to use the auparse library, or ausearch which knows how to interpret the audit log format for you and can present the information in a human friendly format.

I would really like to see a sample of what the auparse output looks like. I have a Perl script that sucks the output of ausearch into a key-value hash table from which I have other code that determines how to print this in a human friendly format, but I'm wondering if auparse can replace that or if all it does for me is to get the information into the key-value hash table so I can decide how I want to format the output ...

Anyone have a sample of what they have done with any particular record type and what auparse does with it on the output end?

Thanks,
Karen Wieprecht

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
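
As an added illustration (not part of the original message, and not auparse or ausearch code), the Python sketch below shows the two stages the thread distinguishes: loading a raw audit record into a key-value table, then interpreting selected values into a human friendly form. The sample records, the lookup tables and the function names are constructed for this example and cover only a tiny subset of what the real tools interpret.

```python
import re
from datetime import datetime, timezone

# Constructed sample in raw audit.log style (not taken from the post).
SAMPLE = (
    'type=SYSCALL msg=audit(1700000000.123:4242): arch=c000003e syscall=59 '
    'success=yes exit=0 pid=2211 uid=1000 comm="cat" exe="/usr/bin/cat" '
    'key="hosts-read"\n'
    'type=PROCTITLE msg=audit(1700000000.123:4242): '
    'proctitle=636174002F6574632F686F737473'
)

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
ENCODED = {"proctitle", "comm", "exe", "name"}  # fields that may arrive hex-encoded
ARCH = {"c000003e": "x86_64"}                   # illustrative subset only
SYSCALL = {("x86_64", "59"): "execve"}          # illustrative subset only

def parse_record(line):
    """Stage 1: raw record -> type, timestamp, serial and a raw key-value table."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("not an audit record: %r" % line)
    rtype, sec, msec, serial, body = m.groups()
    when = datetime.fromtimestamp(int(sec), timezone.utc).replace(microsecond=int(msec) * 1000)
    return {"type": rtype, "time": when, "serial": int(serial),
            "fields": dict(FIELD.findall(body))}

def interpret(fields):
    """Stage 2: turn raw values into readable ones; unknown values pass through."""
    arch = ARCH.get(fields.get("arch"), fields.get("arch"))
    out = {}
    for k, v in fields.items():
        if v.startswith('"'):
            v = v.strip('"')                    # quoted string: drop the quotes
        elif k in ENCODED and re.fullmatch(r'(?:[0-9A-Fa-f]{2})+', v):
            # hex-encoded string; NUL separates argv entries in proctitle
            v = bytes.fromhex(v).replace(b"\0", b" ").decode("utf-8", "replace")
        elif k == "arch":
            v = arch
        elif k == "syscall":
            v = SYSCALL.get((arch, v), v)       # syscall numbers depend on arch
        out[k] = v
    return out

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        rec = parse_record(line)
        print(rec["type"], rec["time"].isoformat(), rec["serial"])
        print("  ", interpret(rec["fields"]))
```

The two records share the same timestamp and serial number, which is how records belonging to one audit event are tied together.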
