Since I never find time to work on any of my pet projects, I asked a friend to work on the Audit Viewer for me. This proved to be a good thing...
He has now released Audit Viewer version 0.0.1, which is available as a Java WebStart application. You can give it a try by following this link. If you have trouble starting it, you can try to run:
$ javaws http://www.jarnringen.se/auditviewer/auditviewer.jnlp
from the command line.
To load a Solaris audit file, you first have to convert it to XML by running:
# praudit -x /path/to/auditfile > auditfile.xml
The program is very early alpha quality, but it can be used to view some of the most common audit records. Most likely the program will crash and burn, since it doesn't handle all kinds of audit tokens yet. Unfortunately, the debugging features are limited at the moment, but he promised to add better debugging output in the next version so you can submit feedback if (when) it breaks.
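One way to see which token kinds a converted file contains, for example when reporting a crash, is to count them per event. This is an added example, not part of Audit Viewer; the sample XML is constructed, and it assumes the praudit -x layout of <record event="..."> elements whose child elements are the tokens.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Constructed sample modelled on `praudit -x` output (not real audit data).
SAMPLE = """<?xml version='1.0' encoding='UTF-8' ?>
<audit>
<file iso8601="2008-01-01 10:00:00.000 +01:00"/>
<record version="2" event="execve(2)" host="host1" iso8601="2008-01-01 10:00:01.000 +01:00">
<path>/usr/bin/ls</path>
<attribute mode="100555" uid="root" gid="bin" fsid="1" nodeid="42" device="0"/>
<subject audit-uid="alice" uid="alice" gid="staff" pid="1234"/>
<return errval="success" retval="0"/>
</record>
<record version="2" event="login - local" host="host1" iso8601="2008-01-01 10:00:05.000 +01:00">
<subject audit-uid="bob" uid="bob" gid="staff" pid="1300"/>
<text>successful login</text>
<return errval="success" retval="0"/>
</record>
</audit>
"""

def token_inventory(root):
    """Count token element names overall and per audit event."""
    totals = Counter()
    by_event = defaultdict(Counter)
    for record in root.iter("record"):
        event = record.get("event", "unknown")
        for token in record:  # each child element of a record is one token
            totals[token.tag] += 1
            by_event[event][token.tag] += 1
    return totals, by_event

def inventory_from_text(xml_text):
    return token_inventory(ET.fromstring(xml_text))

def inventory_from_file(path):
    return token_inventory(ET.parse(path).getroot())

if __name__ == "__main__":
    # Pass auditfile.xml as the first argument; falls back to the sample.
    if len(sys.argv) > 1:
        totals, by_event = inventory_from_file(sys.argv[1])
    else:
        totals, by_event = inventory_from_text(SAMPLE)
    for tag, count in totals.most_common():
        print(f"{count:8d}  {tag}")
    for event in sorted(by_event):
        print(f"{event}: {', '.join(sorted(by_event[event]))}")
```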
If you feel like sharing some of your audit logs with him it would be very helpful. I'm not at liberty to send mine to him, so we are looking for good live samples. If you have a few MBs of logs to share, compress the binary files and send them to me and I'll forward them.
Once an update is available I'll post the news here along with the changelog.