Delivered-To: freebsd-current@freebsd.org
From: "Jonathan Bond-Caron"
Date: Wed, 7 May 2008 09:17:03 -0400
Message-ID: <000601c8b044$a4616490$ed242db0$@com>
Subject: Freebsd auditing in 7.0?
List-Id: Discussions about the use of FreeBSD-current

Hi everyone,

I recently read this paper: http://www.trustedbsd.org/20060303-ukuug2006lisa-audit.pdf

I'm wondering if there are any new features in 7.0 for auditing FreeBSD and if audit is included in the base? I've been using syslog-ng on 6.2 for some time, but audit looks more rigorous to track system events & changes.

Are there auditing options in 7.0 that allow sending logs to a central server over SSL? Or any recommendations other than syslog-ng?

The goal is to track more system events & centralize the log files at a central server.