The default auditd log directory is /var/log/audit.
- python3
- Make sure that auditd logs to /var/log/audit, or set the environment variable AUQUERY_LOG_DIR to the directory where the logs are located.
- Make sure that the user who runs auquery is able to read AUQUERY_LOG_DIR.
pip install auquery
Run `auquery` or `sudo auquery`.
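An added example, not part of auquery itself: a small Python script that resolves the log directory the way the requirements above describe (AUQUERY_LOG_DIR if set, otherwise /var/log/audit), checks that the current user can read it, and parses auditd's audit.log record format into per-event dictionaries keyed by audit serial. The sample records are constructed for the example.

```python
import os
import re
from pathlib import Path

DEFAULT_LOG_DIR = "/var/log/audit"  # auditd's default log directory, as stated above


def resolve_log_dir(env=None):
    """Return the directory to read: AUQUERY_LOG_DIR if set, else the auditd default."""
    env = os.environ if env is None else env
    return env.get("AUQUERY_LOG_DIR", DEFAULT_LOG_DIR)


def check_readable(log_dir):
    """True only if the directory is listable and every audit.log* file in it is readable."""
    p = Path(log_dir)
    if not p.is_dir() or not os.access(p, os.R_OK | os.X_OK):
        return False
    return all(os.access(f, os.R_OK) for f in p.glob("audit.log*"))


# Every audit record starts with: type=<TYPE> msg=audit(<epoch>.<ms>:<serial>): <key=value ...>
_HEADER = re.compile(r"^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<rest>.*)$")
# Values are bare tokens, "double-quoted" or 'single-quoted' (the latter may nest key=value pairs)
_KV = re.compile(r"""(\w+)=("[^"]*"|'[^']*'|\S+)""")


def parse_record(line):
    """Parse one audit.log line into a dict, or return None if it is not an audit record."""
    m = _HEADER.match(line.strip())
    if not m:
        return None
    fields = {"type": m["type"], "timestamp": float(m["ts"]), "serial": int(m["serial"])}
    for key, value in _KV.findall(m["rest"]):
        fields[key] = value.strip("\"'")
    return fields


def group_events(lines):
    """Group records sharing a serial into one event (e.g. SYSCALL plus its CWD and PATH lines)."""
    events = {}
    for line in lines:
        rec = parse_record(line)
        if rec:
            events.setdefault(rec["serial"], []).append(rec)
    return events


# Constructed sample records in audit.log format (not taken from a real system).
SAMPLE = """type=SYSCALL msg=audit(1700000000.123:42): arch=c000003e syscall=257 success=yes exit=3 uid=1000 auid=1000 comm="cat" exe="/usr/bin/cat" key="etc-shadow"
type=CWD msg=audit(1700000000.123:42): cwd="/home/alice"
type=PATH msg=audit(1700000000.123:42): item=0 name="/etc/shadow" inode=1234 mode=0100640
type=USER_LOGIN msg=audit(1700000001.500:43): pid=900 uid=0 auid=1000 msg='op=login id=1000 exe="/usr/sbin/sshd" res=success'
"""
```

Calling `group_events(SAMPLE.splitlines())` yields one event for serial 42 with three records and one for serial 43; on a live system, replace SAMPLE with the lines of `Path(resolve_log_dir()) / "audit.log"` after `check_readable` succeeds.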
- Parse audit logs directly from the kernel (without depending on log files)