Using the scripts in Section B.0, Creating Bar Charts from the Audit Statistics and Section A.0, Creating Flow Graphs from the Audit Statistics, you can illustrate your audit statistics with various graphs and charts. Follow the installation instructions for the visualization scripts and determine which plots you need to run. As with any other aureport command, the plotting commands are scriptable and can easily be configured to run as cron jobs.
To plot summary reports, such as the ones discussed in Section 2.6, Configuring Audit Reports, use the script introduced in Section B.0, Creating Bar Charts from the Audit Statistics. Some example commands could look like the following:
aureport -e -i --summary | ./mkbar events
aureport -f -i --summary | ./mkbar files
aureport -l -i --summary | ./mkbar login
aureport -u -i --summary | ./mkbar users
aureport -s -i --summary | ./mkbar syscalls
To create a summary chart of failed events for any of the above event types, add the --failed option to the respective aureport command. To cover a certain period of time only, use the -ts and -te options on aureport. Any of these commands can be tweaked further by narrowing down its scope using grep or egrep and regular expressions. See the comments in Section B.0, Creating Bar Charts from the Audit Statistics for an example. Each of the above commands produces a PNG file containing a bar chart of the requested data.
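The following wrapper is an added example, not part of the original guide or its scripts. It shows one way to run all five summary charts from cron for the previous day, both overall and with --failed. The MKBAR and OUT_ROOT locations, the "-failed" chart-name suffix, the script path in the crontab comment, and the assumption that mkbar writes its PNG into the current directory are all hypothetical.

```shell
#!/bin/sh
# Added example: nightly bar charts of yesterday's audit summaries.
# Assumptions (not from the guide): MKBAR path, OUT_ROOT directory, the
# "-failed" name suffix, and that mkbar writes its PNG into the cwd.
# Crontab entry (hypothetical path):
#   10 0 * * * root /usr/local/sbin/audit-charts.sh run
MKBAR=${MKBAR:-/usr/local/bin/mkbar}
OUT_ROOT=${OUT_ROOT:-/var/lib/audit-charts}

# Report flag and chart name pairs, as in the commands above.
REPORTS="e:events f:files l:login u:users s:syscalls"

# Print the aureport arguments for one summary chart.
#   $1 report flag letter, $2 start time, $3 end time, $4 "failed" or "all"
aureport_args() {
    args="-$1 -i --summary -ts $2 -te $3"
    if [ "${4:-}" = failed ]; then
        args="$args --failed"
    fi
    printf '%s\n' "$args"
}

# Print the chart name handed to mkbar: $1 base name, $2 "failed" or "all".
chart_name() {
    if [ "${2:-}" = failed ]; then
        printf '%s-failed\n' "$1"
    else
        printf '%s\n' "$1"
    fi
}

# Plot every report type for the window $1..$2 into a dated directory.
plot_all() {
    rc=0
    dir="$OUT_ROOT/$(date +%Y-%m-%d)"
    mkdir -p "$dir" && cd "$dir" || return 1
    for pair in $REPORTS; do
        flag=${pair%%:*}; name=${pair#*:}
        for mode in all failed; do
            # Word splitting of the argument string is intended here.
            aureport $(aureport_args "$flag" "$1" "$2" "$mode") \
                | "$MKBAR" "$(chart_name "$name" "$mode")" || rc=1
        done
    done
    return "$rc"
}

# Only plot when invoked with "run", so the file can be sourced safely.
if [ "${1:-}" = run ]; then plot_all yesterday today; fi
```

The yesterday and today keywords are accepted by aureport's -ts and -te options, so the window covers the previous calendar day without any date arithmetic in the script.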
To illustrate the relationship between different kinds of audit objects, such as users and system calls, use the script introduced in Section A.0, Creating Flow Graphs from the Audit Statistics. Some example commands could look like the following:
LC_ALL=C aureport -u -i | awk '/^[0-9]/ { printf "%s %s\n", $4, $7 }' | sort | uniq | ./mkgraph
LC_ALL=C aureport -f -i | awk '/^[0-9]/ { printf "%s %s\n", $8, $4 }' | sort | uniq | ./mkgraph
LC_ALL=C aureport -s -i | awk '/^[0-9]/ { printf "%s %s\n", $4, $6 }' | sort | uniq | ./mkgraph
LC_ALL=C aureport -s -i | awk '/^[0-9]/ { printf "%s %s\n", $5, $4 }' | sort | uniq | ./mkgraph
Graphs can also be combined to illustrate complex relationships. See the comments in Section A.0, Creating Flow Graphs from the Audit Statistics for further information and an example. The graphs produced by this script are created in PostScript format by default, but you can change the output format by changing the EXT variable from ps to png or jpg. To cover a certain period of time only, use the -ts and -te options on aureport.