fedora-selinux December 2007 archive
fedora-selinux: Re: a new tool

Re: a new tool

From: John Dennis <jdennis_at_nospam>
Date: Tue Dec 18 2007 - 14:09:13 GMT
To: Josef Kubin <jkubin@redhat.com>


Josef Kubin wrote:
> Hello,
>
> I've just written a simple sed script for conversion of audit.log to an html
> counterpart, because the audit.log file over the web is really hard to read
> without highlighting by the "avc: denied" substring and the corresponding
> timestamp group.
>
> http://people.redhat.com/jkubin/selinux/audit2html
>
> $ audit2html < /var/log/audit/audit.log > audit.log.html
>
> http://people.redhat.com/jkubin/selinux/audit.log.html
>
> http://tinyurl.com/2ek3oe
>
> Suggestions and comments are welcome, thank you for your feedback.

Thank you for sharing this, Josef. This looks interesting and useful, but I have a couple of questions, at least based on the example you provided.

The grouping appears to be wrong. Some items in a group share a common timestamp, others do not and are a mix of other audit events. Events must share a common second, millisecond, and serial number (and host when present). I looked at the sed script to see how this was happening but complex sed syntax is too cryptic to be readable :-(

Also, have you considered using the audit parsing library (auparse) for this task? It is designed to make parsing audit data easy and robust (and I dare say more readable and maintainable than sed :-)

--
John Dennis <jdennis@redhat.com>

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
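The grouping rule John describes (records belong to the same event only when second, millisecond and serial number match, plus host when present), as an added Python example that is not Josef's audit2html script: it parses a constructed audit.log sample, groups records by that key, and marks the records that carry an AVC denial. The record layout, the optional `node=` prefix and all sample field values are assumptions made for the example.

```python
import re
from html import escape

# Header of a raw audit record; the "node=host " prefix is optional.
# (Example code, not the audit2html script from the post.)
HEADER_RE = re.compile(
    r'^(?:node=(?P<host>\S+)\s+)?type=(?P<type>\S+)\s+'
    r'msg=audit\((?P<sec>\d+)\.(?P<ms>\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$')

# Constructed sample, not a real capture: two records of one event, one
# unrelated event, and a host-tagged denial in the same second with a new serial.
SAMPLE_LOG = """\
type=AVC msg=audit(1197986953.123:456): avc:  denied  { read } for  pid=2345 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1197986953.123:456): arch=40000003 syscall=5 success=no exit=-13 comm="httpd"
type=CRED_ACQ msg=audit(1197986960.000:457): pid=2400 uid=0 msg='op=PAM:setcred acct="root" res=success'
node=web1 type=AVC msg=audit(1197986960.500:458): avc:  denied  { name_connect } for  pid=2401 comm="httpd" tclass=tcp_socket
"""

def parse_record(line):
    """Header fields of one audit line, or None if it is not an audit record."""
    m = HEADER_RE.match(line.strip())
    return m.groupdict() if m else None

def group_events(lines):
    """Group records by (host, second, millisecond, serial): the audit event key."""
    groups = {}  # dict keeps insertion order, so output follows the log
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue  # malformed line: skip it rather than mis-group it
        key = (rec["host"] or "", rec["sec"], rec["ms"], rec["serial"])
        groups.setdefault(key, []).append(rec)
    return groups

def render_html(groups):
    """One <div> per event; records carrying an AVC denial get class="denied"."""
    out = ['<html><body><style>.denied{background:#fcc}</style>']
    for (host, sec, ms, serial), recs in groups.items():
        label = (host + ' ' if host else '') + f'audit({sec}.{ms}:{serial})'
        out.append(f'<div class="event"><b>{escape(label)}</b>')
        for rec in recs:
            cls = ' class="denied"' if re.search(r'avc:\s+denied', rec["body"]) else ''
            out.append(f'<pre{cls}>{escape(rec["type"])}: {escape(rec["body"])}</pre>')
        out.append('</div>')
    out.append('</body></html>')
    return '\n'.join(out)

if __name__ == "__main__":
    print(render_html(group_events(SAMPLE_LOG.splitlines())))
```

Feeding a real file is `render_html(group_events(open("/var/log/audit/audit.log")))`; note that the output escapes every field, so log content cannot inject markup into the page.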