
Re: [opensuse-security] No time stamps in audit.log?



>> Is this their goal, to make reading the log file as hard as possible?
>> Why not encrypt it with AES to be sure you can't read it.....
> 
> This logfile needs to be easily machine readable without ambiguities, and human readable
> timestamps are kind of harder to parse than just seconds since 1970.
> 
> It is assumed that tools will be used to post-process it, e.g. aureport 
> or aa-logprof or others.

Ok. When I use aureport --mac I get only "no events of interest were
found". Currently I use less, tail and grep to read audit.log. I read
there is a GUI tool audit-viewer, but it does not seem to be available on openSUSE.

What convenient way do you suggest to read audit logs? Especially for
AppArmor.

Thanks


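Added example, not part of the original thread or of the audit tools: a small Python filter that turns the `msg=audit(seconds.millis:serial)` stamp discussed above into a readable time and keeps only AppArmor records. The sample lines are constructed, and treating a record as AppArmor-related when it carries an `apparmor=` field or an `APPARMOR_*` type is an assumption of this sketch.

```python
import re
import shlex
from datetime import datetime, timezone

# Record header written by auditd: type=X msg=audit(<epoch>.<millis>:<serial>): <body>
HEADER = re.compile(
    r"^type=(?P<type>\S+) msg=audit\((?P<sec>\d+)\.(?P<frac>\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$"
)

# Constructed sample lines in audit.log layout (not taken from a real system).
SAMPLE = '''\
type=AVC msg=audit(1300000000.123:45): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/etc/shadow" pid=2311 comm="ntpd" requested_mask="r" denied_mask="r"
type=SYSCALL msg=audit(1300000000.123:45): arch=c000003e syscall=2 success=no exit=-13 pid=2311 comm="ntpd"
type=AVC msg=audit(1300000065.007:46): apparmor="ALLOWED" operation="mknod" profile="/usr/bin/my app" name="/tmp/x y" pid=2400 comm="app"
'''

def parse_record(line):
    """Parse one audit.log line into a dict, or return None if it is not a record."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    micros = int(m["frac"].ljust(6, "0")[:6])  # fractional part is usually milliseconds
    # UTC keeps the output unambiguous; use .astimezone() for local time instead.
    when = datetime.fromtimestamp(int(m["sec"]), tz=timezone.utc).replace(microsecond=micros)
    try:
        tokens = shlex.split(m["body"])  # respects quoted values containing spaces
    except ValueError:                   # unbalanced quote: fall back to whitespace split
        tokens = m["body"].split()
    fields = dict(tok.split("=", 1) for tok in tokens if "=" in tok)
    return {
        "type": m["type"],
        "serial": int(m["serial"]),
        "time": when.isoformat(timespec="milliseconds"),
        "fields": fields,
    }

def apparmor_events(lines):
    """Return parsed records that look AppArmor-related (assumption: see lead-in)."""
    records = (parse_record(line) for line in lines)
    return [r for r in records
            if r and ("apparmor" in r["fields"] or r["type"].startswith("APPARMOR"))]

if __name__ == "__main__":
    for ev in apparmor_events(SAMPLE.splitlines()):
        f = ev["fields"]
        print(ev["time"], f.get("apparmor", ev["type"]), f.get("operation", "-"),
              f.get("profile", "-"), f.get("name", "-"))
```

To run it on a live system, replace `SAMPLE.splitlines()` with an open handle on the audit log, which normally requires root to read.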