Date: Sun, 17 Jul 2011 11:14:18 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: Stacey Son <sson@FreeBSD.org> Cc: freebsd-security@freebsd.org, Lev Serebryakov <lev@freebsd.org> Subject: Re: OpenBSM: does somebody work on it? Message-ID: <alpine.BSF.2.00.1107171109181.75462@fledge.watson.org> In-Reply-To: <A945E553-0D06-4AF3-A855-B169F6D882D9@FreeBSD.org> References: <1191160420.20110629145915@serebryakov.spb.ru> <A945E553-0D06-4AF3-A855-B169F6D882D9@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 29 Jun 2011, Stacey Son wrote: >> I'm trying to use audit, and has some problems. First one is impossiblity >> to create custom event class, and second one I hit is with auditreduce(1) >> >> auditreduce doesn't filter events by date (-b/-a/-d options with any >> arguments produces empty output), it doesn't merge files properly and >> doesn't pick up files automagically, as Solaris' one does. It doesn't have >> -C/-M/-O functionality of Solaris' one, too. So, proper merging of audit >> trial files seems to be impossible :( >> >> I could try to fix & extend auditreduce(1), but does somebdy but me need >> it? >> >> Does somebody use audit on FreeBSD on production systems? > > FYI, a better place to discuss this would be the trustedbsd-audit mailing > list. There are quite of few people that use OpenBSM in production on > FreeBSD and Mac OS X that hang out on that list usually. Hi Lev: Just catching up on back e-mail, and bumped into this thread. Did you file PRs for these bugs? As Stacey mentions, the trustedbsd-audit mailing list is where most discussion of OpenBSM takes place. It's generally pretty quiet, but there are quite a few people using audit in production, and I'm sure they'd appreciate bug reports (and even fixes!). Robert
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1107171109181.75462>