PHP-Tools Blog:
Analyzing aide (advanced intrusion detection environment) output with PHP
August 28, 2006 @ 07:28:19

Aide (Advanced Intrusion Detection Environment) is described as "a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more." One of the useful things it does is produce reports that help you keep track of what is changing on your system. A new post on the PHP-Tools blog covers parsing these reports with a little help from PHP.

Since we started hosting our sites on our own server we had some nasty cracker-attacks. To at least have a chance of recognizing whether the system had been compromised we started to use aide some time ago. Aide keeps track of changes in the filesystem and provides us with a human-readable report once a day.

They note, though, that a reported change is sometimes valid and not a security issue, so they use the Util_AideAnalyzer package to parse the reports into something useful. They give an example of what this looks like, including variations that pull more specific data on certain aspects. They also point you in the right direction to get the Util_AideAnalyzer package installed on your system.

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework