Skip to content Skip to sidebar Skip to footer
Home / Audit / Linux / Python

Python Library For Handling Linux's Audit.log?

Post a Comment
I'm searching for a python (3^) library to ease the processing of audit.log (on CentOS6 that is at /var/log/audit/audit.log). I'm thinking about a library that grabs the log lines

Solution 1:

As I didn't found a library nor did anyone suggest one, so I have come up with this function using a binary provided by the audit's package:

def read_audit(before,now,user):
    auparam = " -sc EXECVE"
    cmd = "ausearch -ts " + before.strftime('%H:%M:%S') + " -te " + now.strftime('%H:%M:%S') + " -ua " + user + auparam
    p = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
    res = p.stdout.read().decode()
    return res

I call the binary by the subprocess module, so an import subprocess is needed in the header of the code. The function grabs logs of program executions between the provided times via the ausearch tool.

Solution 2:

You can install the package: setroubleshoot-server

Then look at the file /bin/sealert which is a python program and does a lot of stuff with audit.log based on the flags.

Post a Comment for "Python Library For Handling Linux's Audit.log?"