Hello everybody, in Red Hat SELinux Guide, paragraph 6.2.3, page 95 of 130, Karsten Wade wrote about seaudit-report: "The command lets you specify the incoming log source, either from files or STDIN, and output to a file or STDOUT as text or styled HTML. By piping through seaudit-report using STDIN and STDOUT, you can use this utility to generate automatic reports that can be sent via email or posted on an Intranet page." This solution is definitely interesting to me, have you code to implement it?
Paolo De Nictolis
On Mon, 2006-08-28 at 17:31 +0200, Paolo D. wrote:
> Hello everybody, in Red Hat SELinux Guide, paragraph 6.2.3, page 95 of 130, Karsten Wade wrote about seaudit-report: "The command lets you specify the incoming log source, either from files or STDIN, and output to a file or STDOUT as text or styled HTML. By piping through seaudit-report using STDIN and STDOUT, you can use this utility to generate automatic reports that can be sent via email or posted on an Intranet page." This solution is definitely interesting to me, have you code to implement it?
This is not in reference to seaudit-report, but setroubleshoot does have the ability to aggregate the analysis of AVCs and send emails to interested parties with the summary information. (Note, although this feature is in the current package it is being reworked this week to be more friendly and use HTML formatting).
> This solution is definitely interesting to me, have you code to implement it?
The aureport command was intended to be the audit log reduction utility. It can provide lots of information about various aspects of the system beyond AVCs.
For example, failed logins: aureport -ts today -l --failed
failed syscalls: aureport -ts today -i -s --failed
failed file access: aureport -ts today -i -f --failed
You can also get numeric summaries by adding --summary.
-Steve
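The aureport queries from the reply above, assembled into one text report and mailed, as an added example that is not code from anyone in this thread. It assumes a `mail` command is installed and that the script runs as root from cron; `REPORT_TO`, the function names and the section titles are hypothetical.

```shell
#!/bin/sh
# Added example: daily audit summary built from the aureport queries
# quoted in this thread. REPORT_TO and the section titles are assumptions.
# Run with --send from root's crontab; the audit log is normally
# readable only by root.
REPORT_TO="${REPORT_TO:-root}"

# Run one aureport query under a heading. If the query fails (for
# example, the audit log is unreadable), say so in the report instead
# of silently dropping the section.
section() {
    title=$1; shift
    printf '== %s ==\n' "$title"
    if ! aureport "$@" 2>&1; then
        printf '(aureport %s failed)\n' "$*"
    fi
    printf '\n'
}

# Assemble the whole report on stdout so it can be mailed, or
# redirected to a file served from an intranet page.
build_report() {
    printf 'Audit report for %s, generated %s\n\n' "$(uname -n)" "$(date)"
    section 'Failed logins'                -ts today -l --failed
    section 'Failed syscalls'              -ts today -i -s --failed
    section 'Failed file access'           -ts today -i -f --failed
    section 'Failed file access (summary)' -ts today -i -f --failed --summary
}

# Mail the report; the subject line is an assumption.
send_report() {
    build_report | mail -s "Audit report: $(uname -n)" "$REPORT_TO"
}

# Nothing is sent unless the script is called with --send.
if [ "${1:-}" = "--send" ]; then
    send_report
fi
```
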
selinux@lists.fedoraproject.org