Red Hat ENTERPRISE LINUX 4 - SELINUX GUIDE Manual page 91

Chapter 6. Tools for Manipulating and Analyzing SELinux 77
Figure 6-1. seaudit Showing $AUDIT_LOG
6.2.1. Arranging Your Views in seaudit
There are several features to seaudit that make it easier to work with the audit messages. The first
happens simply by loading a log into seaudit. You find only the SELinux log entries are displayed,
with all of the data fields in the log message divided into columns. Clicking on the top of a column
sorts the records by that column.
off to toggle the log watching.
If you want real time monitoring of the log file, click on Monitor
Clicking on the button again turns monitoring off.
Column sorting only supports one level, meaning you can only sort by a single column. The Other
column is not a sort option. In order to sort by more fields, use the filter capability through View
= Modify or the Modify view button. The window that pops up manages your filters, letting you
control, edit, save (Export), and load (Import) the filters, as well as save the entire view: