Reputation: 468
I'm searching for a python (3^) library to ease the processing of audit.log (on CentOS6 that is at /var/log/audit/audit.log). I'm thinking about a library that grabs the log lines to python and enables the querying/filtering in a human way.
There are traces of a tool called audit-python, not in pip list, doesn't really look promising. So far no hope of a library handling this widespread audit log.
Maybe some would share their code of how they did process the audit.log?
Upvotes: 1
Views: 3743
Reputation: 468
As I didn't find a library, nor did anyone suggest one, I have come up with this function using a binary provided by the audit package:
import subprocess

def read_audit(before, now, user):
    # Argument list instead of a shell=True string: a user name cannot inject shell syntax.
    cmd = ["ausearch",
           "-ts", before.strftime('%H:%M:%S'),
           "-te", now.strftime('%H:%M:%S'),
           "-ua", user,
           "-sc", "EXECVE"]
    p = subprocess.Popen(cmd, stdout=subprocess.PIPE)
    return p.stdout.read().decode()
I call the binary via the subprocess module, so an import subprocess is needed in the header of the code. The function grabs logs of program executions between the provided times via the ausearch tool.
Upvotes: 2
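The answer above returns the raw ausearch text; the next step the question asks for is turning those lines into something filterable. The following is an added example (not code from the question or either answer): a small parser for the native audit.log record format (`type=... msg=audit(ts:serial): key=value ...`), which is also what `ausearch --raw` prints. Records sharing a serial are grouped into one event, EXECVE argv is rebuilt from the `argc`/`a0..aN` fields, and a query helper filters executions by uid or audit rule key. The log lines are constructed sample data, and the parser deliberately leaves unquoted hex-encoded values (which auditd uses for arguments containing spaces or non-printable characters) as-is.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines: one complete EXECVE event (serial 101)
# and one failed open() syscall (serial 102). Not taken from a real system.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1364481363.243:101): arch=c000003e syscall=59 success=yes exit=0 a0=1 ppid=2686 pid=3538 auid=500 uid=500 comm="cat" exe="/bin/cat" key="exec_watch"
type=EXECVE msg=audit(1364481363.243:101): argc=2 a0="cat" a1="/etc/hosts"
type=CWD msg=audit(1364481363.243:101):  cwd="/home/alice"
type=PATH msg=audit(1364481363.243:101): item=0 name="/bin/cat" inode=409248 dev=fd:00 mode=0100755 ouid=0 ogid=0
type=SYSCALL msg=audit(1364481370.512:102): arch=c000003e syscall=2 success=no exit=-13 a0=7fffd19c5592 ppid=2686 pid=3540 auid=500 uid=500 comm="less" exe="/usr/bin/less" key="sshd_config"
"""

# Record header: type, timestamp and serial number; everything after the ')' is key=value pairs.
HEADER_RE = re.compile(
    r'^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<rest>.*)$')
# A value is either a double-quoted string (may contain spaces) or a bare token.
# auditd writes values with whitespace/non-printables as an unquoted hex string; those are kept as-is.
KV_RE = re.compile(r'(?P<key>[A-Za-z0-9_]+)=(?P<val>"[^"]*"|\S*)')


def parse_record(line):
    """Parse one audit.log line into a dict, or return None if it is not an audit record."""
    m = HEADER_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = {"type": m.group("type"), "ts": float(m.group("ts")), "serial": int(m.group("serial"))}
    for kv in KV_RE.finditer(m.group("rest")):
        val = kv.group("val")
        if len(val) >= 2 and val.startswith('"') and val.endswith('"'):
            val = val[1:-1]
        rec[kv.group("key")] = val
    return rec


def parse_events(text):
    """Group records that share a serial number into one event, keyed by record type."""
    events = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        rec = parse_record(line)
        if rec:
            events[rec["serial"]][rec["type"]].append(rec)
    return dict(events)


def exec_argv(event):
    """Rebuild argv from the EXECVE record of an event (a0, a1, ... in order), or None."""
    execve = event.get("EXECVE")
    if not execve:
        return None
    rec = execve[0]
    return [rec["a%d" % i] for i in range(int(rec["argc"]))]


def find_executions(text, uid=None, key=None):
    """Return program executions, optionally filtered by uid and/or the audit rule key."""
    out = []
    for serial, ev in sorted(parse_events(text).items()):
        argv = exec_argv(ev)
        syscalls = ev.get("SYSCALL")
        if argv is None or not syscalls:
            continue
        sc = syscalls[0]
        if uid is not None and sc.get("uid") != str(uid):
            continue
        if key is not None and sc.get("key") != key:
            continue
        cwd = ev.get("CWD")
        out.append({"serial": serial, "ts": sc["ts"], "uid": sc.get("uid"),
                    "exe": sc.get("exe"), "argv": argv,
                    "cwd": cwd[0].get("cwd") if cwd else None})
    return out


if __name__ == "__main__":
    for ex in find_executions(SAMPLE_LOG, uid=500):
        print(ex["serial"], ex["exe"], ex["argv"], "cwd=", ex["cwd"])
```

To use it on the real file, pass the contents of /var/log/audit/audit.log (or the output of `ausearch --raw ...`) to `find_executions` instead of `SAMPLE_LOG`; the interpreted (non-raw) ausearch output uses a different layout and is not handled by this parser.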
Reputation: 16619
You can install the package setroubleshoot-server, then look at the file /bin/sealert, which is a python program and does a lot of stuff with audit.log based on the flags.
Upvotes: 1