Mailinglist Archive: opensuse-security (51 mails)

Re: [opensuse-security] No time stamps in audit.log?
Is this their goal, to make reading the log file as hard as possible?
Why not encrypt it with AES to be sure you can't read it.....

This logfile needs to be easily machine readable without ambiguities, and human
readable timestamps are kind of harder to parse than just seconds since 1970.

It is assumed that tools will be used to post-process it, e.g. aureport
or aa-logprof or others.

Ok. When I use aureport --mac I get only "no events of interest were
found". Currently I use less, tail and grep to read audit.log. I read
there is a GUI tool audit-viewer, but it seems not available at openSUSE.

What convenient way do you suggest to read audit logs? Especially for
AppArmor.

Thanks
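
Added example, not part of the original mail thread: a small Python filter that converts the epoch timestamps in audit.log records to readable UTC times and keeps only AppArmor records. The sample records are constructed, and the field names (apparmor, operation, profile, name, comm) assume the usual AppArmor key=value record layout.

```python
import re
from datetime import datetime, timezone

# Record header: type=<TYPE> msg=audit(<epoch secs>.<millis>:<serial>): <fields>
HEADER = re.compile(
    r'^type=(?P<type>\S+) msg=audit\((?P<sec>\d+)\.(?P<ms>\d+):(?P<serial>\d+)\):'
    r'\s*(?P<body>.*)$')
# Fields are key=value; a value is either double-quoted or a bare token.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample records (not taken from a real system).
SAMPLE_LOG = '''\
type=AVC msg=audit(1300000000.123:42): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/etc/ntp.keys" pid=2101 comm="ntpd" requested_mask="r" denied_mask="r"
type=SYSCALL msg=audit(1300000000.123:42): arch=c000003e syscall=2 success=no exit=-13 pid=2101 comm="ntpd"
type=AVC msg=audit(1300000061.004:57): apparmor="ALLOWED" operation="exec" profile="/usr/bin/example" name="/bin/ls" pid=2200 comm="example"
this line is not an audit record
'''

def parse_record(line):
    """Return a dict for one audit.log line, or None if it is not a record."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    micros = int(m['ms'].ljust(6, '0')[:6])  # fractional part, padded to microseconds
    when = datetime.fromtimestamp(int(m['sec']), tz=timezone.utc)
    when = when.replace(microsecond=micros)
    # Values that auditd hex-encoded (untrusted strings) are kept as logged.
    fields = {k: v.strip('"') for k, v in FIELD.findall(m['body'])}
    return {'type': m['type'], 'time': when,
            'serial': int(m['serial']), 'fields': fields}

def apparmor_events(lines):
    """Yield only the records that carry an apparmor= field."""
    for line in lines:
        rec = parse_record(line)
        if rec and 'apparmor' in rec['fields']:
            yield rec

def format_event(rec):
    """One readable line per event, with the timestamp in ISO 8601 UTC."""
    f = rec['fields']
    return '{} {} {} profile={} name={} comm={}'.format(
        rec['time'].isoformat(timespec='milliseconds'), f['apparmor'],
        f.get('operation', '-'), f.get('profile', '-'),
        f.get('name', '-'), f.get('comm', '-'))

if __name__ == '__main__':
    for event in apparmor_events(SAMPLE_LOG.splitlines()):
        print(format_event(event))
```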

