OpenBSM: does somebody work on it?



Hello, Freebsd-security.

I'm trying to use audit, and have some problems. The first one is the
impossibility of creating a custom event class, and the second one I hit is
with auditreduce(1).

auditreduce doesn't filter events by date (-b/-a/-d options with any
arguments produce empty output), it doesn't merge files properly and
doesn't pick up files automagically, as Solaris' one does. It doesn't
have the -C/-M/-O functionality of Solaris' one, either. So, proper merging
of audit trail files seems to be impossible :(

I could try to fix & extend auditreduce(1), but does somebody but me
need it?

Does somebody use audit on FreeBSD on production systems?

--
// Black Lion AKA Lev Serebryakov <lev@xxxxxxxxxxx>

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"


