
Audit Logs

 
Mike Burk
Advisor

Does anyone write custom scripts that filter the audit logs? If so, can I get an example? I am looking to make the audit log output more readable, i.e. so non-Unix people can read them and somewhat understand what is going on, like "user xxx logged on, then su'd to user yyy, then logged off".
2 REPLIES
Manuel P. Ron
Frequent Advisor

Re: Audit Logs

Use this command to display the information contained in the audsys log files:

audisp [option flags] audit_filename

Use the option flags to filter the output:

-u username, -e eventname, -c syscall, -l ttyid, -t start_time, -s stop_time, ...

Please consult the man page for more info. Thanks.
Crash programs fail because they are based on the theory that, with nine women pregnant, you can get a baby a month. - Wernher von Braun
Joe Doe Sr
Occasional Advisor

Re: Audit Logs

On Debian GNU/Linux you have logcheck (http://packages.debian.org/cgi-bin/search_packages.pl?keywords=logcheck&searchon=names&subword=1&version=all&release=all), and that application can incrementally scan log files and mail the results of a check to a mail address. You can also extend the search patterns. A little note: the logcheck in testing and unstable has more patterns than the logcheck in stable.

-Hans
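As an added example that is not part of the original thread, the script below does what the question asks for on Linux-style auth records rather than on HP-UX audsys output: it filters sshd and su (pam_unix) lines out of a syslog-format auth log and rewrites each one as a plain-English sentence ("user alice logged on from 10.0.0.5", "user alice switched to root with su", "user alice logged off"). The sample log lines are constructed for the demonstration; the message formats are those written by OpenSSH and pam_unix, but the hostnames, users, times and addresses are made up. Records the script does not recognise (for example sshd's own "session opened" line) are skipped on purpose so the summary stays short.

```python
#!/usr/bin/env python3
"""Turn raw login / su / logout records into readable session summaries.

Added example for this thread, not code from any of the posters. Works on
syslog-style auth lines from sshd and su via pam_unix (not HP-UX audsys).
The sample input below is constructed for the demonstration.
"""
import re

# Constructed sample input in the style of /var/log/auth.log.
SAMPLE_LOG = """\
Mar  3 09:01:12 host1 sshd[2211]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
Mar  3 09:01:12 host1 sshd[2211]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Mar  3 09:02:40 host1 su: pam_unix(su:session): session opened for user root by alice(uid=1000)
Mar  3 09:05:03 host1 su: pam_unix(su:session): session closed for user root
Mar  3 09:05:30 host1 sshd[2211]: pam_unix(sshd:session): session closed for user alice
Mar  3 09:06:00 host1 sshd[2290]: Failed password for invalid user admin from 203.0.113.9 port 40022 ssh2
Mar  3 09:07:15 host1 sshd[2300]: Accepted password for bob from 10.0.0.7 port 51800 ssh2
Mar  3 09:07:15 host1 sshd[2300]: pam_unix(sshd:session): session opened for user bob by (uid=0)
"""

# Common syslog prefix: "Mon DD HH:MM:SS hostname " followed by the program.
TIMESTAMP = r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "

# (event kind, regex) pairs; the first regex that matches a line wins.
PATTERNS = [
    ("login", re.compile(TIMESTAMP +
        r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+)")),
    ("failed", re.compile(TIMESTAMP +
        r"sshd\[\d+\]: Failed \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")),
    ("su_open", re.compile(TIMESTAMP +
        r"su: pam_unix\(su:session\): session opened for user (?P<target>\S+) by (?P<user>[^(]+)\(")),
    ("su_close", re.compile(TIMESTAMP +
        r"su: pam_unix\(su:session\): session closed for user (?P<target>\S+)")),
    ("logout", re.compile(TIMESTAMP +
        r"sshd\[\d+\]: pam_unix\(sshd:session\): session closed for user (?P<user>\S+)")),
]


def parse_line(line):
    """Return a dict of fields plus 'kind' for a recognised record, else None."""
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if m:
            fields = m.groupdict()
            fields["kind"] = kind
            return fields
    return None  # unrecognised or uninteresting record: deliberately dropped


def summarize(log_text):
    """Return one readable sentence per security-relevant event, in log order.

    su 'session closed' records name only the target user (e.g. root), so
    the invoking user is remembered from the matching 'session opened'
    record; that is what lets the output say who left the root session.
    """
    who_became = {}  # target user -> invoking user, for open su sessions
    out = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        ts = ev["ts"]
        if ev["kind"] == "login":
            out.append(f"{ts}: user {ev['user']} logged on from {ev['src']} (ssh, {ev['method']})")
        elif ev["kind"] == "failed":
            out.append(f"{ts}: FAILED logon attempt for {ev['user']} from {ev['src']}")
        elif ev["kind"] == "su_open":
            who_became[ev["target"]] = ev["user"]
            out.append(f"{ts}: user {ev['user']} switched to {ev['target']} with su")
        elif ev["kind"] == "su_close":
            user = who_became.pop(ev["target"], "unknown user")
            out.append(f"{ts}: user {user} left the {ev['target']} su session")
        elif ev["kind"] == "logout":
            out.append(f"{ts}: user {ev['user']} logged off")
    return out


if __name__ == "__main__":
    for sentence in summarize(SAMPLE_LOG):
        print(sentence)
```

To use it on a real system, feed the file instead of the constructed sample (for example `summarize(open("/var/log/auth.log").read())`) and add a pattern for each further record type you want surfaced; anything without a pattern is silently skipped, which is convenient for a readable digest but means you should still keep the raw log as the authoritative record.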