A tool for selecting and displaying kernel audit logs data
This is a simple GUI application that extracts the plain text data from
one or more log files or
ausearch, puts them into a temporary
SQLite database, and allows the user to select and display certain sets
of data that match selection criteria.
There is inadequate online help to give you a half a chance.
It's written and tested with the 1.2.5 release of the auditd package.
It might work with other releases, or it might not, depending on what was
changed in the log file format.
You can optain wish and the SQLite3 package from
- X Windows
This is pre-alpha software. It works for me. It might work for you.
It might even be useful. It probably won't eat your goldfish, but I
don't make any promises.
This software is not released. It more like it snuck out, leaving the
guards confused and unable to explain how it happened.
Feedback, pro or con can be directed to
- Escape 0.1 Supports
- searching on multiple fields in a single table
- displaying multiple fields from multiple tables with identical Msg values
- Download Aug-1-2006 Escape
- Escape 0.2
- Added File menu option to save report in text window.
- Added new help info.
- Changed custom reports to use tabbed notebook widget to better
fit on screen.
- Download Aug-2-2006 Escape