People,

I know this may be a FAQ, but I need to map Linux audit events/records/fields into a CSV with predefined column meanings, possibly one event per line, i.e.: userid; source; subject; action; object;

I was thinking of using the Python auparse library to do such a thing. The problem is, how can I know what fields each record type will have, and what records can I expect from a certain event? (I know there is no such thing as an event type, but it would be good to know what other records are available when, for example, a LOGIN or USYS_CONFIG record comes in.)

Maybe I can accomplish the same thing with ausearch/aureport?

Thanks for any thoughts,

Klaus

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
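An added example, not part of the original post and not using auparse: a plain-Python sketch that groups raw audit records into events by their shared `timestamp:serial` pair and writes one semicolon-separated line per event, including which record types the event contained. The column-to-field mapping, the function names (`parse_events`, `pick`, `to_csv`) and the sample records are assumptions constructed for illustration; syscall numbers are left uninterpreted.

```python
import csv, io, re
from collections import OrderedDict

# Every record of one event shares the same "timestamp:serial" pair.
HEADER = re.compile(r"type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumed mapping: CSV column -> audit field names, in order of preference.
COLUMNS = OrderedDict([
    ("userid", ("auid", "uid")),
    ("source", ("addr", "hostname", "terminal", "tty")),
    ("subject", ("exe", "comm")),
    ("action", ("op", "syscall")),
    ("object", ("name", "acct", "key")),
])

def parse_events(lines):
    """Group raw audit.log lines into {(timestamp, serial): [(type, fields)]}."""
    events = OrderedDict()
    for line in lines:
        m = HEADER.search(line)
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        # User-space records nest their fields inside msg='...'; flatten them.
        fields = {k: v.strip('"') for k, v in FIELD.findall(body.replace("'", " "))}
        events.setdefault((ts, serial), []).append((rtype, fields))
    return events

def pick(records, names):
    """First usable value for any of the names, across all records of an event."""
    for name in names:
        for _, fields in records:
            if fields.get(name) not in (None, "?", ""):
                return fields[name]
    return ""

def to_csv(lines):
    out = io.StringIO()
    writer = csv.writer(out, delimiter=";", lineterminator="\n")
    writer.writerow(["event", "types"] + list(COLUMNS))
    for (ts, serial), records in parse_events(lines).items():
        types = "+".join(rtype for rtype, _ in records)
        writer.writerow([ts + ":" + serial, types] + [pick(records, n) for n in COLUMNS.values()])
    return out.getvalue()

# Constructed sample records (not from a real system).
SAMPLE = [
    "type=USER_LOGIN msg=audit(1364481363.243:24287): pid=2145 uid=0 auid=1000 ses=3 msg='op=login acct=\"alice\" exe=\"/usr/sbin/sshd\" hostname=10.0.0.5 addr=10.0.0.5 terminal=ssh res=success'",
    "type=SYSCALL msg=audit(1364481400.100:24290): arch=c000003e syscall=2 success=yes exit=3 pid=2200 auid=1000 uid=1000 tty=pts0 comm=\"cat\" exe=\"/usr/bin/cat\" key=\"passwd-read\"",
    "type=PATH msg=audit(1364481400.100:24290): item=0 name=\"/etc/passwd\" inode=1234 nametype=NORMAL",
]
```
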
