Generating detailed audit trails of your computer systems' activities should be a standard part of your security practice. The auditing system is like an airplane's flight recorder system for your computer. When something goes wrong, it can be the most valuable source of data to reconstruct exactly what happened and hopefully prevent a reoccurrence.
Audit data can also be your best source of data to detect something is wrong long before it becomes apparent through other means (like when the FBI shows up to tell you they found your data on a computer in Eastern Europe).
Quickly detecting and accurately understanding a problem can save headaches and untold financial losses.
Unfortunately, properly setting up and then analyzing audit data can be a challenge. This is where Audit Viewer comes in.
Audit Viewer is an audit record viewer. It lets you dig deep into the details of what processes are doing on your computer. If you collect and archive your audit trails regularly, you can go back in time and reconstruct events, something live process analysis cannot do.
Find some malware on your computer? Let Audit Viewer show you exactly what that malware did.
Unsure whether your audit system is configured correctly? Use Audit Viewer to verify that you can find the data you think should be there.
The following sections should get you started using Audit Viewer and get you on your way to building a more secure network.
Getting Started shows you how to start analyzing audit trails. You begin by downloading some sample audit trail files to get your feet wet, and it shows you how to analyze your own audit data.
Details looks at each section of the analysis window.
Preferences documents the different settings you can control.
Downloads describes the sample audit data and audit_control files you can download.
Overview gives a summary of Apple's BSM auditing system. This will help you understand where Audit Viewer fits into the overall auditing picture. This is a good place to get started if you are new to Apple's BSM auditing system.
Helpful Hints helps you get the most out of Audit Viewer by describing some solutions to common problems and answers some questions you might have.
Contact Us provides email links to send us feedback. If you have found a bug or want a new feature in a future version, contact us from here.