https://github.com/foxcpp/audit_pretty
Linux Auditing System logs pretty printer
linux-audit linux-security security
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/foxcpp/audit_pretty
- Owner: foxcpp
- License: mit
- Created: 2018-04-02T19:11:10.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2019-12-22T12:54:35.000Z (about 6 years ago)
- Last Synced: 2025-04-13T11:23:26.945Z (9 months ago)
- Topics: linux-audit, linux-security, security
- Language: Python
- Size: 142 KB
- Stars: 11
- Watchers: 2
- Forks: 1
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
- Audit: audit_pretty/__init__.py
README
[WIP] audit-pretty
====================
[Linux Auditing System](https://linux.die.net/man/8/auditd) log files pretty printer.
 
Installation
------------------------
You can run the script directly from the repository: `python3 -m audit_pretty ARGS...`
or install it into the system directory: `pip3 install audit_pretty`.

Usage
------------------------
You need only Python 3 for this script to work.
```
sudo dmesg | audit-pretty
```
```
sudo cat /var/log/audit/audit.log | audit-pretty
```
It works correctly with `dmesg -w`, so you can watch the live log in a readable
format!
```
sudo dmesg -w | audit-pretty
```
There are a bunch of useful options you may want to use; check out `audit-pretty -h`!

Room for improvement
------------------------
- [x] Don't use colors (`--no-colors`)
- [x] Filter by time (`--since`, `--until`)
- [ ] Handle more than just AppArmor violations
- [x] Verbose option to include more info (`-v`, `--verbose`)
- [x] Filter message types (`-e`, `--exclude`, `--only`)
- [x] Merge repeated messages (useful for policy debugging) (`--merge`)