Version 0.9 is out
Release 0.9 is ready for download and build.
This is an initial release of this tool.
Processing the audit database in CFEngine is better than parsing logs, because it has a fixed format that doesn't change when different tools are used. Hence, I find the audit database machine-processable and reliable.
Application internals (including the audit database structure) are documented here: http://dozzie.jarowit.net/api/cfauditdump/
- Tokyo Cabinet support (newer CFEngine 3.x releases)
How to download
git clone http://dozzie.jarowit.net/code/cfauditdump.git
How to install
NOTE: The installation process is tested for building packages. If you want to make a mess of your system by bypassing the package system, you are on your own.
You need the usual package building tools for your distribution: either rpm-build (RPMs) or dpkg-dev with fakeroot (DEBs).
- Prepare source RPM (non-root privileges are fine here)
- Build binary RPM (unless you've taken care of building as non-root, you need to be root here)
rpmbuild --rebuild cfauditdump-*.src.rpm
- Install the package with its dependencies (the exact path should be printed by the previous step); most probably it will be located in /usr/src/redhat/RPMS/noarch/cfauditdump-*.rpm
- Build binary package
dpkg-buildpackage -b -uc
- Install package (../cfauditdump_*.deb) with its dependencies