Does anyone know if there is software written to view the audit logs generated by Solaris? I am referring to the logs created by auditd. It produces an unreadable log. I am familiar with auditreduce and praudit, but I am looking for something that produces a report, much like logwatch looks at the system logs and produces a report.
Use praudit on files in /var/audit/*
I believe I said I was already familiar with praudit.
My bad. You just named the reporting tools. praudit -x gives you XML output if that is any assistance.
There is SNARE: "SNARE - Auditing and EventLog Management" at SourceForge.net
It is Windows based - last time I saw it. I have not used it, so I cannot comment.
It reads audit events, as I understand it.
Thank you. Never heard of SNARE. I will check it out.
---------- Post updated 01-18-13 at 06:44 PM ---------- Previous update was 01-17-13 at 10:42 PM ----------
There were several versions. Downloaded and installed it today. This appears to be exactly what I was looking for. I installed the Solaris version and was able to access the server remotely via a browser.
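For readers who want the logwatch-style summary without installing an agent, the `praudit -x` XML mentioned earlier in the thread can be reduced to a per-user report. This is an added example, not part of the original thread; the element and attribute names (`record`, `subject`, `audit-uid`, `return`, `errval`) are assumed to match what `praudit -x` emits on your release, and the sample data is constructed.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the assumed `praudit -x` layout (not real audit data).
# The last record has no <subject>/<return>, as some system events may not.
SAMPLE = """<?xml version='1.0' encoding='UTF-8' ?>
<audit>
<file iso8601="2013-01-17 22:00:00.000 -05:00"></file>
<record version="2" event="login - ssh" host="host1" iso8601="2013-01-17 22:41:07.101 -05:00">
<subject audit-uid="alice" uid="alice" pid="1201" sid="1201" tid="0 0 client1"/><return errval="success" retval="0"/></record>
<record version="2" event="login - ssh" host="host1" iso8601="2013-01-17 22:42:10.555 -05:00">
<subject audit-uid="bob" uid="bob" pid="1210" sid="1210" tid="0 0 client2"/><return errval="failure" retval="-1"/></record>
<record version="2" event="login - ssh" host="host1" iso8601="2013-01-17 22:42:15.002 -05:00">
<subject audit-uid="bob" uid="bob" pid="1214" sid="1214" tid="0 0 client2"/><return errval="failure" retval="-1"/></record>
<record version="2" event="system booted" host="host1" iso8601="2013-01-17 22:00:01.000 -05:00">
<text>booted</text></record>
</audit>
"""

def summarize(xml_text):
    """Return (events per (user, event), failures per (user, event), skipped)."""
    events, failures, skipped = Counter(), Counter(), 0
    for rec in ET.fromstring(xml_text).iter("record"):
        subj, ret = rec.find("subject"), rec.find("return")
        if subj is None or ret is None:
            skipped += 1          # count it rather than silently dropping it
            continue
        key = (subj.get("audit-uid", "?"), rec.get("event", "?"))
        events[key] += 1
        if ret.get("errval") != "success":
            failures[key] += 1
    return events, failures, skipped

def report(xml_text):
    """Format the summary as a plain-text table, one row per user and event."""
    events, failures, skipped = summarize(xml_text)
    lines = ["%-10s %-24s %5s %5s" % ("USER", "EVENT", "TOTAL", "FAIL")]
    for (user, event), n in sorted(events.items()):
        lines.append("%-10s %-24s %5d %5d" % (user, event, n, failures[(user, event)]))
    lines.append("records without subject/return: %d" % skipped)
    return "\n".join(lines)

if __name__ == "__main__":
    # Pipe `praudit -x` output on stdin; with a terminal on stdin, use the sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(report(data))
```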