4 Sep 2014, 20:43
Is this their goal, to make reading the log file as hard as possible? Why not encrypt it with AES to be sure you can't read it.....
This logfile needs to be easily machine readable without ambiguities, and human readable timestamps are kind of harder to parse than just seconds since 1970.
It is assumed that tools will be used to post-process it, e.g. aureport or aa-logprof or others.
Ok. When I use aureport --mac I get only "no events of interest were found". Currently I use less, tail and grep to read audit.log. I read there is a GUI tool audit-viewer, but it seems not to be available for openSUSE. What convenient way do you suggest to read audit logs? Especially for AppArmor. Thanks
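
As an added illustration of the post-processing discussed in this thread (not code from any poster, nor from the audit or AppArmor projects): a small Python reader that turns the `msg=audit(seconds.millis:serial)` stamp into ISO time and lists AppArmor records. The sample lines are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed sample records in the audit.log layout (not taken from the thread).
SAMPLE = '''\
type=AVC msg=audit(1409856180.123:456): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/etc/shadow" pid=1234 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=SYSCALL msg=audit(1409856181.000:457): arch=c000003e syscall=2 success=yes exit=3 pid=1300 comm="cat"
type=AVC msg=audit(1409856200.500:458): apparmor="ALLOWED" operation="mknod" profile="/usr/bin/example" name="/tmp/x" pid=1400 comm="example" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
'''

# Record header: type, epoch seconds, fractional part, serial number, then the body.
HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\): ?(.*)$')
# Body fields are key=value; values are either double-quoted or bare tokens.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_record(line):
    """Split one audit.log line into a dict, or return None if it does not match."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rtype, secs, frac, serial, body = m.groups()
    when = datetime.fromtimestamp(int(secs), tz=timezone.utc).replace(
        microsecond=int(frac.ljust(6, "0")[:6]))
    fields = {key: quoted or bare for key, quoted, bare in FIELD.findall(body)}
    return {"type": rtype, "time": when, "serial": int(serial), "fields": fields}

def apparmor_events(text, verdict=None):
    """Yield records carrying an apparmor= field, optionally filtered by verdict.

    Matching on the field rather than on type= keeps this independent of how
    the record type is spelled in a given log.
    """
    for line in text.splitlines():
        rec = parse_record(line)
        if rec and "apparmor" in rec["fields"]:
            if verdict is None or rec["fields"]["apparmor"] == verdict:
                yield rec

def render(rec):
    """Format one AppArmor record as a single human-readable line."""
    f = rec["fields"]
    return "{} #{} {} {} profile={} name={} comm={} mask={}".format(
        rec["time"].isoformat(timespec="milliseconds"), rec["serial"],
        f["apparmor"], f.get("operation", "-"), f.get("profile", "-"),
        f.get("name", "-"), f.get("comm", "-"), f.get("denied_mask", "-"))

if __name__ == "__main__":
    for event in apparmor_events(SAMPLE, verdict="DENIED"):
        print(render(event))
```

To run it against a live log, pass the contents of `/var/log/audit/audit.log` (readable by root) to `apparmor_events` in place of `SAMPLE`.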