HPE Community
Operating System - HP-UX
1830452 Members
2373 Online
110004 Solutions
New Discussion

How to read audit logs

 
SOLVED
Go to solution
hpuxrox
Respected Contributor

‎02-19-2004 01:55 AM

‎02-19-2004 01:55 AM

How to read audit logs

I am looking for a way to read tbc audit logs from windows. Is anyone aware of a tool to do this.
0 Kudos
Reply
7 REPLIES 7
Paula J Frazer-Campbell
Honored Contributor

‎02-19-2004 02:47 AM

‎02-19-2004 02:47 AM

Re: How to read audit logs

Hi

If they are not binary then wordpad or notepad may do it.

If they are tab or comma seperated then import them into Excel.

Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎02-19-2004 02:55 AM

‎02-19-2004 02:55 AM

Re: How to read audit logs

I believe you mean TCB and not TBC audit logs, correct?


live free or die
harry
Live Free or Die
0 Kudos
Reply
hpuxrox
Respected Contributor

‎02-19-2004 03:07 AM

‎02-19-2004 03:07 AM

Re: How to read audit logs

Paula, They are in binary format.

Harry, Yes, I typoed, I mean TCB.


Thanks
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎02-19-2004 03:17 AM

‎02-19-2004 03:17 AM

Re: How to read audit logs

Hi

If in binary try on the unix end:-

strings

Is the output any use?

Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎02-19-2004 03:23 AM

‎02-19-2004 03:23 AM

Solution

Re: How to read audit logs

Yates,

I assume you are talking about current and next audit files (by default audfile1, audfile2). You will need to use 'audisp' command to convert them into text files.

audisp > audfile.txt

You can use switches to audisp command to filter out the users, events, calls etc.,

I don't think you can view them on windoz. You can convert them to text on HP box and then open them in windoz using word etc.,

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
hpuxrox
Respected Contributor

‎02-19-2004 04:44 AM

‎02-19-2004 04:44 AM

Re: How to read audit logs

Thanks again man! I think audisp will work, I would just need to setup a script to do this automatily on demand for security. Problem is, 1G of audit logs a day converted to asci will take a LOT of space.
0 Kudos
Reply
Darren Prior
Honored Contributor

‎02-19-2004 06:12 AM

‎02-19-2004 06:12 AM

Re: How to read audit logs

Hi Yates,

The file format for these files is defined in the audit(4) man page. It might be worth writing something in C or Perl that could read that format, in other words write your own audisp that would run on the PC.

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.