selinux audit log forensic analyzer — free browser tool | fatcousin

drop /var/log/audit/audit.log · parse avc + syscall messages · runs locally

input

drop audit.log · audit.log.* · gzip rotations

or click

Select file

parses type=AVC and type=SYSCALL · comm · exe · scontext/tcontext · permissive · auid/uid/gid · key

limits

heuristic screener · partial lines / multiline records — best-effort parse · not definitive proof

status

>ready