Random ramblings of a paranoid git
"The question is not if you are paranoid, it is if you are paranoid enough."


Monday August 30, 2004
AuditViewer
2004-08-30 13:22

I spent the weekend rewriting the AuditViewer so I won't have to be ashamed of it, if I release it.

The basic mode of operation is to load an XML file (from "praudit -x"), and then scroll through the list of chronological audit records. Click on any record to get a detailed view of all the audit tokens of that record.

There is still a lot to be done. The chronological list needs to be filled with better information, the search function needs to be implemented, tooltips have to be added to describe the different fields.

If you have strong opinions on what should be shown, feel free to speak up!

Here is an image, so you can get a feel for how it will look:

A few more days and I should have the basic things straightened out...

   
 
Comments:

Hi, it sure looks good and it is really welcome!
The one thing I think would be really nice is a flexible search facility that would allow me to say something like "show all records between 29 Aug and 3 Sept 2004 for which the Audit UID is not "allowed_usr1" or "allowed_usr2" and real or effective uid is root".
Sort of a subset of SQL adapted to BSM records. I realize this may not be so simple. But a few criteria would be good.
Great work!
Vlad.

Posted by Vlad Grama on August 30, 2004 at 02:06 PM PDT #
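
The query described in the comment above, written as a filter over "praudit -x" output. This is an added example, not part of the original post or of the AuditViewer code. It assumes each `<record>` carries an `iso8601` attribute and a `<subject>` token with `audit-uid`, `uid` (effective) and `ruid` (real) attributes; the sample records and the `search` function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import date

# Constructed sample. Assumed "praudit -x" layout: <record iso8601=...>
# holding a <subject audit-uid=... uid=... ruid=.../> token.
SAMPLE = """<audit>
<record event="execve(2)" iso8601="2004-08-28 09:15:02.000 +02:00">
<subject audit-uid="jdoe" uid="root" gid="root" ruid="root" rgid="root" pid="411" sid="400" tid="0 0 hostA"/>
</record>
<record event="execve(2)" iso8601="2004-08-30 10:01:44.000 +02:00">
<subject audit-uid="allowed_usr1" uid="root" gid="root" ruid="root" rgid="root" pid="512" sid="500" tid="0 0 hostA"/>
</record>
<record event="su" iso8601="2004-08-30 13:22:10.000 +02:00">
<subject audit-uid="jdoe" uid="root" gid="other" ruid="jdoe" rgid="other" pid="530" sid="520" tid="0 0 hostA"/>
</record>
<record event="open(2) - read" iso8601="2004-09-02 08:00:00.000 +02:00">
<subject audit-uid="jdoe" uid="jdoe" gid="other" ruid="jdoe" rgid="other" pid="601" sid="520" tid="0 0 hostA"/>
</record>
<record event="system booted" iso8601="2004-09-03 07:30:00.000 +02:00">
<text>booting kernel</text>
</record>
<record event="execve(2)" iso8601="2004-09-03 23:59:59.000 +02:00">
<subject audit-uid="asmith" uid="asmith" gid="staff" ruid="0" rgid="0" pid="702" sid="700" tid="0 0 hostA"/>
</record>
</audit>"""

def search(xml_text, start, end, allowed, root_ids=("root", "0")):
    """Records dated start..end (inclusive) whose audit UID is not in
    `allowed` and whose real or effective UID is root."""
    hits = []
    for rec in ET.fromstring(xml_text).iter("record"):
        subj, stamp = rec.find("subject"), rec.get("iso8601", "")
        if subj is None or len(stamp) < 10:
            continue  # no subject token or no timestamp: nothing to match on
        day = date.fromisoformat(stamp[:10])  # date as written in the record
        if not start <= day <= end:
            continue
        auid = subj.get("audit-uid")
        if auid in allowed:
            continue
        if subj.get("uid") in root_ids or subj.get("ruid") in root_ids:
            hits.append((stamp[:19], rec.get("event"), auid))
    return hits

if __name__ == "__main__":
    for hit in search(SAMPLE, date(2004, 8, 29), date(2004, 9, 3),
                      {"allowed_usr1", "allowed_usr2"}):
        print(*hit, sep="  ")
```

Root is matched both by name and as `0`, since the IDs may appear as names or as raw numbers depending on how the trail was printed.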
