I'm trying to read the /var/log/audit/audit.log
file on CentOS 7 in a human-readable form. I came up with the command
sealert -a /var/log/audit/audit.log
which works fine on one machine: there is an initial scan which takes a second or so, but on another one the scan goes on for about 30 minutes and is still at 40%. It cannot be stopped by Ctrl-C. I also tried to remove audit.log
so it's almost empty, but there was no speedup.
Both of these machines are virtual and run on the same host.
I found out that many alerts were generated by my Apache, so I disabled SELinux using
setenforce 0
and removed the old audit.log.X
files, but it's still the same slowness (and keeps slowing down, so it might never finish). The sealert
process is permanently using one core at 25% CPU and 1 GiB of RAM.
Is there any other way I can analyze SELinux log files from the CLI?