Re: For Help:How to read the BSM audit data

From: Helios (xu_hui@icst.pku.edu.cn)
Date: 04/10/02


From: Helios <xu_hui@icst.pku.edu.cn>
To: "focus-ids@securityfocus.com" <focus-ids@securityfocus.com>
Date: Wed, 10 Apr 2002 15:35:58 +0800

And some other questions:
I have looked over the log files of Red Hat 7.2 and the record format of wtmp
and pacct, but I have no BSM audit data. Who can tell me something about
Linux syslog vs. Solaris BSM?
Does anyone think the audit data can give us enough reliable information to
detect attacks?

On Tuesday 09 April 2002 19:21, Wei Wang wrote:
> Hi, all:
> The Solaris system generates audit data in BSM format. I have some BSM
> data, but I can't read it in the appropriate form. If any of you know
> where I can look for explanations of audit events, I would be truly
> grateful for your help.
> P.S. I have no Solaris OS for experience, but I have a Linux system.
>
>
>               Wei Wang
>               mailtowangwei@163.com
>                  2002-04-09

-- 
Xu Hui
Institute of Computer Science and Technology of Peking University
mobile: 13681180447