[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opensuse-security] No time stamps in audit.log?



Hello,

Am Sonntag, 7. September 2014 schrieb pinguin74:
> Am 05.09.2014 00:43, schrieb Christian Boltz:
> > Am Donnerstag, 4. September 2014 schrieb pinguin74:
> >> What convenient way do you suggest to read audit logs? Especially
> >> for
> >> AppArmor.
> > 
> > Personally, I let logdigest mail me the interesting parts of
> > audit.log (which basically means grep -v $boring_lines).
> > 
> > For something that is easier readable, I can recommend
> > 
> >     aa-notify -v -s 1
> 
> Ah, okay, works.
> 
> I just thought, aa-notify gives a graphical popup note on the desktop?
> I gues it can´t do that?

It can do both ;-)

> Oh, wait, I have a cool idea, I will pipe the aa-notify output to KDE
> KWrite and create a new KWrite color highlighting schema, this way I
> get a optical nice log file output! And with sudo´ed I even don´t
> need the root password!

Just to make it clear, "-s 1" gives you a summary of the last day.

If you want real-time desktop notifications, use

    sudo aa-notify -p --display $DISPLAY


Regards,

Christian Boltz
-- 
Jetzt kriege ich es echt mit der Angst: da gibt es Zeilen in meinem
Code der identisch mit dem von SCO ist, etwa ein "include <stdio.h>"
oder aber auch ein hinterlistiges "default:break;".
[Michael Karges in suse-linux]

--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx