GitHub: https://github.com/openbsm/bsmtrace
BSMtrace is a utility that processes audit trails, or real-time audit feeds provided by audit pipes. It loads a set of finite state machines or sequences from the supplied configuration file and watches the audit streams for instances of these sequences.
BSMtrace depends on the TrustedBSD audit and OpenBSM services present in FreeBSD 6.2 and later. It can be discussed on the TrustedBSD audit mailing lists.