Date: Mon, 18 Nov 2019 08:10:38 +0000 From: Rahul Gopi <rahul_gopi@hotmail.com> To: "trustedbsd-discuss@freebsd.org" <trustedbsd-discuss@freebsd.org> Subject: Enabling au_to_socket_ex for openbsm network events Message-ID: <BY5PR08MB6280208DAD9312B14AEEC6FDE34D0@BY5PR08MB6280.namprd08.prod.outlook.com>
index | next in thread | raw e-mail
Hi, is there any way to enable au_to_socket_ex via audit_control configuration ?. I am looking to get five tuple for network connections via auditd log. >From documentation found the following. But not sure how to enable this in auditd / openbsm - Interfaces to convert between local and BSM socket types and protocol families have been added: au_bsm_to_domain(3), au_bsm_to_socket_type(3), au_domain_to_bsm(3), and au_socket_type_to_bsm(3), along with definitions of constants in audit_domain.h and audit_socket_type.h Greatly appreciate any help. Regards Rahulhelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BY5PR08MB6280208DAD9312B14AEEC6FDE34D0>