Is there a way to view the rolled and compressed audit logs in the GUI Audit Viewer? I understand that they can be looked at with the command line, but the GUI allows you to be more efficient with the sorting and searching through the data when looking for trends.
The GUI Audit Viewer will look at the rolled and compressed audit.raw files. Unfortunately, it is not quite as easy to point at a particular audit file, but you can use the time frame in the viewing area to show only audit messages from certain time periods.
I did want to mention that the command line tools we have are very powerful once you figure out how to use them. acat along with sacap filters will allow you to filter the audit to get only what you want.
Here is some useful information to help with the CLI:
These commands are useful also:
acat -c | less
Once again, thanks for your stellar support, mtuma, I appreciate it. I agree, the CLI is very powerful, especially when used with other commands like cut and sort. Sometimes I just want to look at the pretty colors in the GUI though and think about how to filter down to what I want. Appreciate it and thanks for the help.