Looking for a tool to read the security audit file efficiently
Posted: Sun Mar 26, 2023 5:11 am
Hi,
I have been asked to assist a site with some security auditing. They have enabled file access auditing on command procedures and executable images in certain directories, and we can see the results using ANAL/AUDIT/FULL.
However, the number of entries being generated is huge and so I would like to use a command line tool which enables better control over the fields displayed when reading the audit file.
Does anyone know of such a tool? If not, I can probably write one - if the record layout is documented somewhere.
Thanks,
Jeremy Begg
I have been asked to assist a site with some security auditing. They have enabled file access auditing on command procedures and executable images in certain directories, and we can see the results using ANAL/AUDIT/FULL.
However, the number of entries being generated is huge and so I would like to use a command line tool which enables better control over the fields displayed when reading the audit file.
Does anyone know of such a tool? If not, I can probably write one - if the record layout is documented somewhere.
Thanks,
Jeremy Begg