|Main Archive Page > Month Archives > fedora-selinux archives|
Josef Kubin wrote:
> I've just wrote a simple sed script for conversion of audit.log to html
> counterpart, because the audit.log file over web is really hard to read
> without highlighting by "avc: denied" substring and corresponding
> timestamp group.
> $ audit2html < /var/log/audit/audit.log > audit.log.html
> Suggestions and comments are welcomed, thank you for your feedback.
Thank you for sharing this Josef, this looks interesting and useful, but I have a couple of questions, at least based on the example you provided. The grouping appears to be wrong. Some items in a group share a common timestamp, others do not and are a mix of other audit events. Events must share a common second, millisecond, and serial number (and host when present). I looked at the sed script to see how this was happening but complex sed syntax is too cryptic to be readable :-( Also, have you considered using the audit parsing library (auparse) for this task? It is designed to make parsing audit data easy and robust (and I dare say more readable and maintainable than sed :-) -- John Dennis <email@example.com> -- fedora-selinux-list mailing list firstname.lastname@example.org https://www.redhat.com/mailman/listinfo/fedora-selinux-list