Hello,
I applied this patch [1] and it works well.
I don't understand why it has gone without attention.
-A.K.
[1] https://www.redhat.com/archives/linux-audit/2015-March/msg00018.html
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
Muratova murat...@itsirius.su
Cc: linux-audit linux-audit@redhat.com
Sent: Wednesday, March 4, 2015 20:50:53
Subject: Re: log rendering in real time in audit-viewer
Hello,
Hello Miloslav, and all the guys!
We use audit-viewer for events monitoring.
Unfortunately, if some log is rather big
This code extends audit-viewer _ParserEventSource to produce
UpdatableEventSource (unprivileged).
I have not added this option to SourceDialog, so to see how updating works
command line call may be used (python main.py -p -s /path/to/log)
diff -u -X ex or_src/event_source.py oav/src
in audit-viewer
Hello Miloslav, and all the guys!
We use audit-viewer for events monitoring.
Unfortunately, if some log is rather big it takes too much time for audit-viewer
to parse and render it.
Besides, we need to render log updates in real time, i.e. when a new line
appears in a log, it should
On Wednesday, March 04, 2015 12:50:53 PM Miloslav Trmač wrote:
Hello,
Hello Miloslav, and all the guys!
We use audit-viewer for events monitoring.
Unfortunately, if some log is rather big it takes too much time for
audit-viewer to parse and render it.
Besides, we need to render log
Hello,
Hello Miloslav, and all the guys!
We use audit-viewer for events monitoring.
Unfortunately, if some log is rather big it takes too much time for
audit-viewer to parse and render it.
Besides, we need to render log updates in real time, i.e. when a new line
appears in a log, it should
Hello Miloslav, and all the guys!
We use audit-viewer for events monitoring.
Unfortunately, if some log is rather big it takes too much time for audit-viewer
to parse and render it.
Besides, we need to render log updates in real time, i.e. when a new line
appears in a log, it should appear
I actually figured it out yesterday. I just need to add name=value pairs as
text in the user msg to be interpreted by Audit Viewer.
Thanks for the quick response.
From: Miloslav Trmac [m...@redhat.com]
Sent: Tuesday, February 26, 2013 2:29 AM
To: Brown, Curtis
I'm running on Centos 6.3 with gtk2-2.18.9-10.el6 and audit-viewer 0.7.4.
I have no horizontal scroll bar even though there is data.
I don't know if this is the correct forum for questions about the Audit Viewer but
here goes.
I wrote a test app to write an audit user message (audit_log_user_message).
This is successful.
I'm trying to display the msg= portion of the audit record in Audit Viewer
without success.
The msg
Hello,
audit-viewer-0.6 is now available at
https://fedorahosted.org/audit-viewer/wiki/AuditViewerDownloads .
Changes:
* Fix a crash when exporting an event list
* Fix chart display
* New or updated translations:
- Asturian by Astur malditoas...@gmail.com
- Danish by Kris Thomsen lakris
the application-submitted
text.
Adding an export functionality to the Event detail dialog should not be
difficult, filed as https://fedorahosted.org/audit-viewer/ticket/12 .
I also tried adding the other fields to the columns listing, however
that particular test also had a different error
took longer. When it was finally
loaded it, the process size was over 2GB.
Sure. The audit viewer could be changed to hold only the records that might be
displayed and not all of them. It would then need to track what's displayed
and start a background thread to gather more info for display
On Sat, Dec 19, 2009 at 1:03 AM, Miloslav Trmac m...@redhat.com wrote:
- LC Bruzenak le...@magitekltd.com wrote:
Is there any plan to add printing capability to the audit-viewer?
Not currently; you can export any tab to HTML[1] and use a web browser (or
perhaps (lynx -dump | lpr
- LC Bruzenak le...@magitekltd.com wrote:
Is there any plan to add printing capability to the audit-viewer?
Not currently; you can export any tab to HTML[1] and use a web browser (or
perhaps (lynx -dump | lpr)) to print it. Is that an acceptable solution for
you?
Mirek
[1] I have just
Mirek,
Thanks for this. I was finally able to get back to this project and
have been able to compile everything to get audit-viewer running.
I am getting this error when audit viewer starts:
# audit-viewer
Error reading audit events: No such file or directory.
Thinking that perhaps
Hello,
- Dan Gruhn dan.gr...@groupw.com wrote:
I am getting this error when audit viewer starts:
# audit-viewer
Error reading audit events: No such file or directory.
Thinking that perhaps something is pointing to the wrong files, I
attempted to use Window/Change event source
often produce the correct result.
I personally use a different prefix for development and installation without
root privileges - but I could of course use an extra option for that.
In general, I don't think overriding localstatedir in audit-viewer is worth it.
It violates user's expectations
Dan,
- Dan Gruhn dan.gr...@groupw.com wrote:
I'm having problems running audit-viewer and it appears that I am
missing some packages like python-gtkextra, PyChart, and sexy-python. I
don't have them available on RHEL 5.2 (or 5.3 for that matter) and
have been trying to compile them.
Oh
- Dan Gruhn dan.gr...@groupw.com wrote:
I have audit-viewer-0.4 and get the following error from make
install
Byte-compiling python modules...
client.py dialog_base.py event_dialog.py event_source.py filters.py
format_versions.py list_properties.py list_tab.py File
/usr/local/share
Is there a way to specify on the command line a way to tell the
audit-viewer to read a specific raw event file?
Thx,
LCB.
--
LC (Lenny) Bruzenak
le...@magitekltd.com
Hello,
- LC Bruzenak le...@magitekltd.com wrote:
Is there a way to specify on the command line a way to tell the
audit-viewer to read a specific raw event file?
No.
Mirek
, this the two conditions are equivalent if no event has a
timestamp 0.x.
The patch also decreases the assumed minimal length of a timestamp.
I have tested this only minimally - I have checked that (make check)
succeeds, and that audit-viewer doesn't crash on startup.
This patch fixes handling
Hello,
audit-viewer-0.4 was released. The most important changes in this
release are:
* Support viewing all rotated log files together
* Change default List view to show newest events at the top
* Make the audit-viewer window larger by default
* Offer the 'node' field
On Monday 22 September 2008 20:57:59 Miloslav Trmač wrote:
LC Bruzenak wrote on Mon 22. 09. 2008 at 19:38 -0500:
On Mon, 2008-09-22 at 23:30 +, Miloslav Trmač wrote:
node=hugo type=AVC msg=audit(0.000:6760): SNIP comm=lockd
I'm curious how this audit record could have been created
Hello,
LC Bruzenak wrote on Mon 29. 09. 2008 at 12:03 -0500:
How can I specify the serial number as one of the audit-viewer columns?
You can't.
This would best be fixed as a general expansion of the field value
interpretation part of libauparse.
Filed as https://fedorahosted.org/audit-viewer/ticket
On Monday 29 September 2008 16:55:27 Miloslav Trmač wrote:
This would best be fixed as a general expansion of the field value
interpretation part of libauparse.
The serial number is accessible at the event level, not the record or field
level. I suppose we could add access at the field level.
.
The patch also decreases the assumed minimal length of a timestamp.
I have tested this only minimally - I have checked that (make check)
succeeds, and that audit-viewer doesn't crash on startup.
This patch fixes handling of the following Lenny's audit record:
node=hugo type=AVC msg=audit(0.000
, this the two conditions are equivalent if no event has a
timestamp 0.x.
The patch also decreases the assumed minimal length of a timestamp.
I have tested this only minimally - I have checked that (make check)
succeeds, and that audit-viewer doesn't crash on startup.
This patch fixes handling
F9, permissive/targeted
audit-viewer:
audit-viewer-0.3-1.fc9.x86_64
It was working fine, then I loaded several rpms (below).
Now I get this on startup:
Traceback (most recent call last):
File /usr/share/audit-viewer/main.py, line 71, in module
if w.setup_initial_window(args):
File /usr
On Mon, 2008-08-04 at 17:49 -0500, LC Bruzenak wrote:
After reading Steve's info about the comm field being clipped at 16
chars, I was surprised to see a longer string inside the audit-viewer
comm field.
I have taken a screen shot, but won't post it unless asked (it's 41K).
The comm field
I was delighted to see the functionality of audit-viewer. It displays
audit logs in a much more user-friendly manner than ausearch does.
However, I have been unable, at least so far, in getting audit-viewer,
via its List Properties function to accept an ausearch expression.
Paul Woodie, CISSP
Hello,
audit-viewer-0.3 was released. The most important changes in this
release:
* Make it possible to browse events using the Event detail
dialog
* Add quick search in event list results
* Make it possible to open a tab in a new window
* Support showing reports
Miloslav Trmač wrote on Wed 25. 06. 2008 at 22:02 +:
* Support showing reports as bar
Sorry, make that as bar charts.
Mirek
Mirek,
First thing I want to say is that this is a really good first release
tool! There are a lot of things I like and so far not a lot I don't.
I have a couple of questions though:
1: The filters all seem to work fine, and I like the ability to store
the filter config. One thing I believe
So far so good.
One very trivial suggestion is to have a horizontal scroll bar on the
bottom, so that when the other fields is off the page I can still see
the entire event.
Thx,
LCB.
--
LC (Lenny) Bruzenak
[EMAIL PROTECTED]
Hello,
audit-viewer is now available in Fedora 9. It is a GUI for viewing
audit logs and running simple reports on them, intended as an easy to
use alternative to ausearch and aureport. To see what audit-viewer can
do, please read
https://fedorahosted.org/audit-viewer/wiki/AuditViewerTour