1. The GUI framework
2. Parsing trailor files
3. Capturing audit log lively
1、How to make the AuditAnalyzer more close to user is a question to be thought about.
- 2、Different to ip packet analyzer, the audit analyzer should pay attention to make the audit log more readable.
- 3、Classify the events which user usually care about
- 4、It is normally that there are some audit record for a system call, but commanly people will ask what operation create this systam call audit record. People care more about the top level operation such as who login in the system. Who rm the /var/log/message. Who modified the /etc/rc.conf file and so on.
- Add the fuction support lively audit log reading
- Through GUI, you can got live audit log from auditpipe.
- 1、add error handle
- 2、complete the file open and close
- 3、add filter
- 4、add static panel，and display the static information
Have got a GUI framework for auanalyzer. Click here for the analyzer's snapshot.
- Complete the function of reading trail file and parsing record into list view and tree view.
- Start GTK+ programming.