OpenBSM: does somebody work on it?
- From: Lev Serebryakov <lev@xxxxxxxxxxx>
- Date: Wed, 29 Jun 2011 14:59:15 +0400
Hello, Freebsd-security.
I'm trying to use audit, and has some problems. First one is
impossiblity to create custom event class, and second one I hit is
with auditreduce(1)
auditreduce doesn't filter events by date (-b/-a/-d options with any
arguments produces empty output), it doesn't merge files properly and
doesn't pick up files automagically, as Solaris' one does. It doesn't
have -C/-M/-O functionality of Solaris' one, too. So, proper merging
of audit trial files seems to be impossible :(
I could try to fix & extend auditreduce(1), but does somebdy but me
need it?
Does somebody use audit on FreeBSD on production systems?
--
// Black Lion AKA Lev Serebryakov <lev@xxxxxxxxxxx>
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: OpenBSM: does somebody work on it?
- From: Stacey Son
- Re: OpenBSM: does somebody work on it?
- From: Patrick Proniewski
- Re: OpenBSM: does somebody work on it?
- Prev by Date: Re: How to add new audit class?
- Next by Date: Re: OpenBSM: does somebody work on it?
- Previous by thread: How to add new audit class?
- Next by thread: Re: OpenBSM: does somebody work on it?
- Index(es):
Relevant Pages
|
