improved reporting and logging about aide HOT 8 CLOSED

This would be awesome!

from aide.

Hey, i'd really love to have such feature as the report format is presumably great for being read by humans but not by machines.
Right now it seems to be necessary to build a state machine to get some sense out of the output.
I'd be glad if i could help with the implementation or at least testing of such feature!

from aide.

This feature request is a bit messy and confuses report and log output. So let me try to line up a bit:

Log messages are written to stderr by default A log_url option can be discussed in #20.

The possible values for report_url are listed and documented in the aide.conf manual page, please open a new issue if something is missing there.

A report_append config option has been added recently in AIDE 0.17.

The json report format is handled in #18.

That leaves IEFT report format for this issue. Can you please specify in more detail how the report output should look like?

from aide.

I cannot say anything abot this, I just cut&pasted the issue from Sourceforge.

from aide.

@captain118 @makefu as you reacted with 👍 to this issue, can you please read my last comment and specify in more detail what is still missing in AIDE and how the report should look like?

from aide.

Hi, i'd love to see aide reporting results in json format so they can be forwarded to a SOC and checked/alerted there if changes occurred which were not planned.

Right now the json format in #18 is the most relevant to get this working as the IETF format can be solved by a syslog forwarding agent (rsyslog,syslog-ng)

from aide.

@makefu I wrote an experimental log file conversion utility in ruby at #18 .
Please let me know if there is something specific missing in it.

from aide.

I close this feature request now in favour of #18; if there is still something missing regarding IEFT report format, please open a new issue.

from aide.