SoftwareSecurity

Course Project 51

Project Part #2 – Log Auditing


Team Members:


Problem Statement:

An audit log is a sequential record of the events that are important or necessary for upholding a system's security. These records give precise information on the actions or changes that have affected a particular system operation, event, or process. Audit logs typically include the source address, destination, user login information and a time stamp, and they also keep track of which resources were accessed. The challenge addressed in this project is to evaluate the logs generated by a logging tool (sysdig) and plot them as a graph that an end user can understand easily. The project is divided into 3 parts.

1. Generating tuples:

Every log entry generated by sysdig is converted into a tuple consisting of subject, action and object. The subject is the process, the object is the resource, and the action is the operation the process performed on the resource.

2. Generating graph:

The tuples are plotted as a graph that can be visualized and understood easily. The direction of each edge depends on the action performed by the process: if the action is write-like (send message, write), the edge points from the process to the resource; otherwise the edge points from the resource to the process.

3. Backtracking:

The graph generated above is a means to visualize the logged events, but the final graph is so big that it cannot be understood easily. To tackle this issue we provide a means of backtracking from a specific node (the point of interest, POI) that retains only those nodes and edges responsible for the POI node occurring.
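The three parts above, carried through end to end as an added example (not the project's own code): the log lines are constructed in a simplified sysdig-like layout, the write-like action list, the `fd=N(<f>...)` object extraction and the node names are assumptions made for the example, and the backtracking is a depth-first walk over reversed edges from the POI.

```python
import re
from collections import defaultdict
# Constructed, simplified sysdig-style lines (not a real capture):
# "<time> <proc.name> (<tid>) <evt.dir> <evt.type> <evt.info>"
LOG = """
10:00:01 bash (101) < openat fd=3(<f>/home/u/setup.sh)
10:00:02 curl (202) < sendto fd=5(<4t>10.0.0.5:40000->203.0.113.7:80) size=300
10:00:03 curl (202) < recvfrom fd=5(<4t>10.0.0.5:40000->203.0.113.7:80) size=4096
10:00:03 curl (202) < write fd=4(<f>/tmp/download.sh) size=4096
10:00:04 sh (303) < read fd=3(<f>/tmp/download.sh) size=4096
10:00:05 sh (303) < write fd=1(<f>/var/log/app.log) size=64
10:00:05 cron (404) < read fd=6(<f>/etc/crontab) size=200
10:00:06 bash (101) > write fd=4(<f>/tmp/notes) size=10
"""
# Write-like actions: edge goes process -> resource; anything else: resource -> process.
WRITE_LIKE = {"write", "pwrite", "writev", "sendto", "sendmsg", "send"}
LINE_RE = re.compile(r"^(\S+) (\S+) \((\d+)\) ([<>]) (\w+) (.*)$")
OBJ_RE = re.compile(r"fd=\d+\(<\w+>([^)]+)\)")  # fd=3(<f>/path) or fd=5(<4t>src->dst)

def to_tuples(log):
    """Part 1: one (subject, action, object) tuple per completed (exit, '<') event."""
    tuples = []
    for line in log.strip().splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(4) != "<":
            continue  # skip unparsable lines and enter ('>') events
        obj = OBJ_RE.search(m.group(6))
        if obj:
            tuples.append((f"{m.group(2)}({m.group(3)})", m.group(5), obj.group(1)))
    return tuples

def build_graph(tuples):
    """Part 2: adjacency map src -> {dst}; edge direction follows the data flow."""
    edges = defaultdict(set)
    for subj, act, obj in tuples:
        src, dst = (subj, obj) if act in WRITE_LIKE else (obj, subj)
        edges[src].add(dst)
    return edges

def backtrack(edges, poi):
    """Part 3: keep only nodes and edges from which the point of interest is reachable."""
    rev = defaultdict(set)
    for src, dsts in edges.items():
        for dst in dsts:
            rev[dst].add(src)
    keep, stack = {poi}, [poi]
    while stack:  # depth-first walk over reversed edges
        for parent in rev[stack.pop()] - keep:
            keep.add(parent)
            stack.append(parent)
    return {s: ds & keep for s, ds in edges.items() if s in keep and ds & keep}
```

Backtracking from `/var/log/app.log` keeps the curl, socket, `/tmp/download.sh` and sh nodes and drops the unrelated bash and cron branches.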