McCarthy, John D. wrote:
Is there a way to view/change the Auditd log format so when I view the
logs they are more user friendly to read? I think the auditd.conf file
format is FORMAT=RAW, is this the setting and if so can I change it so
my logs are less complicated to read? The other log files (SYSTEM or
SECURITY) are user easy enough to read; it's just the auditd.log files
are complicated.

The log_format option just lets you specify whether to log the records
or just send them to the audit dispatcher.
Have you tried using the ausearch or aureport commands to view the
logs? They provide a variety of display/summary options. I know
ausearch is in RHEL4 - not sure about aureport.
-- ljk
Thank You
John D. McCarthy
Information Assurance Principal Engineer
General Dynamics AIS
5200 Springfield Pike Suite 200
Dayton, Ohio 45431-1289
Phone: 937-476-2619
Fax: 937-476-2542
------------------------------------------------------------------------
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
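
To illustrate what makes the raw records hard to read and what an interpreting viewer does with them, here is an added example (not code from this thread or from the audit project). It groups raw records by event serial number, converts the epoch timestamp, and decodes hex-encoded string fields; the sample records are constructed and simplified, and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed, simplified sample records in the raw log layout (not from the thread).
SAMPLE = """\
type=SYSCALL msg=audit(1136214245.123:4021): arch=40000003 syscall=5 success=no exit=-13 a0=bfffe1c8 items=1 pid=2311 auid=500 uid=500 comm="cat" exe="/bin/cat"
type=PATH msg=audit(1136214245.123:4021): name="/etc/shadow" inode=48213 dev=03:02 mode=0100400
type=SYSCALL msg=audit(1136214300.500:4022): arch=40000003 syscall=5 success=yes exit=3 a0=bfffe2d0 items=1 pid=2350 auid=500 uid=500 comm="cat" exe="/bin/cat"
type=PATH msg=audit(1136214300.500:4022): name=2F746D702F6D792066696C65 inode=51002 dev=03:02 mode=0100644
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\):\s*(.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
ENCODED = {"comm", "exe", "name", "cwd", "cmd"}  # string fields that may be logged as hex

def decode_value(key, raw):
    if raw.startswith('"'):
        return raw.strip('"')
    if key in ENCODED and len(raw) % 2 == 0 and re.fullmatch(r"[0-9A-Fa-f]+", raw):
        return bytes.fromhex(raw).decode("utf-8", "replace")
    return raw  # numeric fields such as a0= stay exactly as logged

def parse_record(line):
    m = HEADER.match(line.strip())
    if not m:
        return None
    rtype, secs, millis, serial, body = m.groups()
    when = datetime.fromtimestamp(int(secs), tz=timezone.utc)
    fields = {k: decode_value(k, v) for k, v in FIELD.findall(body)}
    return {"type": rtype, "event": int(serial), "fields": fields,
            "time": f"{when:%Y-%m-%d %H:%M:%S}.{millis} UTC"}

def group_events(text):
    events = {}  # one audited action spans several records sharing a serial
    for line in text.splitlines():
        rec = parse_record(line)
        if rec:
            events.setdefault(rec["event"], []).append(rec)
    return events

def render(text):
    out = []
    for serial, recs in group_events(text).items():
        out.append(f"event {serial} at {recs[0]['time']}")
        for r in recs:
            out.append(f"  {r['type']}: " + " ".join(f"{k}={v}" for k, v in r["fields"].items()))
    return "\n".join(out)

if __name__ == "__main__":
    print(render(SAMPLE))
```

Numeric IDs (uid, auid, syscall) are left as logged here; resolving them to names depends on the host and architecture.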