On Fri, 2011-06-17 at 14:15 -0400, Pittigher, Raymond - ES wrote:
> What do the users of this list use to read the log files? I have tried
> Spacewalk (which is nice) but it is a lot of software to install to read
> logs. I have looked at Prewikka but do not have it totally configured
> yet to give it an OK or not.

My experiences (I assume you specifically mean the audit logs):

Prewikka would be for IDS events only with the prelude plugin.

I use the audit-viewer with pre-constructed list tabs to match events
necessary for verification testing.

For faster results when looking for specific events or investigation, I
use the command line tools aureport and ausearch.

What would be great IMHO is to have a prewikka-like web interface for
the audit events.

HTH,
LCB
--
LC (Lenny) Bruzenak
lenny(a)magitekltd.com