Re: For Help:How to read the BSM audit data

From: Helios (xu_hui@icst.pku.edu.cn)
Date: 04/10/02


From: Helios <xu_hui@icst.pku.edu.cn>
To: "focus-ids@securityfocus.com" <focus-ids@securityfocus.com>
Date: Wed, 10 Apr 2002 15:35:58 +0800

And some other questions:
I have looked over the log files of Red Hat 7.2 and the record format of wtmp
and pacct, but I have no BSM audit data. Who can tell me something about
Linux syslog vs. Solaris BSM?
Does anyone think the audit data can give us enough reliable information to
detect attacks?

On Tuesday 09 April 2002 19:21, Wei Wang wrote:
> Hi, all:
> The Solaris system generates audit data in BSM format. I have some BSM
> data, but I can't read them in the appropriate form. If any of you know of
> where I can look for explanations of audit events I would be truly
> grateful for your help.
> P.S. I have no Solaris OS for experience, but I have a Linux system.
>
>
>               Wei Wang
>               mailtowangwei@163.com
>                  2002-04-09

-- 
Xu Hui
Institute of Computer Science and Technology of Peking University
mobile: 13681180447


