Date: Sat, 9 May 2009 18:31:57 +0100
From: River Tarnell <river@loreley.flyingparchment.org.uk>
To: freebsd-questions@freebsd.org
Subject: connect() records in BSM auditing
Message-ID: <20090509173157.GO17743@loreley.flyingparchment.org.uk>

hi,

i'm using BSM auditing on 7.2-RELEASE to log network connections. i
enabled 'nt' in audit_control:

    flags:lo,ad,+ex,na,+nt

when examining the audit log with praudit, i see records for connect()
calls:

    header,68,10,connect(2),0,Sat May 9 16:00:00 2009, + 560 msec
    subject,rriver,root,wheel,root,wheel,43709,835,15007,255.255.255.255
    return,success,0
    trailer,68

however, i don't see that the destination (or source) address is logged
anywhere. i don't really see the point of auditing network activity
without this information--is this a missing feature, or have i
misconfigured something?

thanks,
river.
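
Added example, not part of the original message or of FreeBSD/OpenBSM: a small Python check that groups praudit's default text output into records and lists the connect(2) records that carry no address-bearing token. It assumes such tokens have names starting with "socket"; the second sample record is constructed for contrast.

```python
# Assumption: address-bearing tokens have names starting with "socket"
# (for example "socket-inet"); adjust to the token names your logs show.
ADDRESS_PREFIXES = ("socket",)

# Constructed sample. Record 1 is the record quoted in the message; record 2
# is invented for contrast (its sizes, pid and 192.0.2.10 address are made up).
SAMPLE = """\
header,68,10,connect(2),0,Sat May 9 16:00:00 2009, + 560 msec
subject,rriver,root,wheel,root,wheel,43709,835,15007,255.255.255.255
return,success,0
trailer,68
header,93,10,connect(2),0,Sat May 9 16:00:05 2009, + 12 msec
socket-inet,2,80,192.0.2.10
subject,rriver,root,wheel,root,wheel,43710,835,15007,255.255.255.255
return,success,0
trailer,93
"""

def parse_records(text):
    """Group praudit lines into records: one list of comma-split tokens each."""
    records, current = [], None
    for line in text.splitlines():
        fields = line.strip().split(",")
        if fields[0] == "header":
            current = [fields]        # a new header drops any unterminated record
        elif current is not None and fields[0]:
            current.append(fields)
            if fields[0] == "trailer":
                records.append(current)
                current = None
    return records

def connects_without_address(text):
    """Return time, audit user and pid of connect(2) records with no address token."""
    findings = []
    for rec in parse_records(text):
        header = rec[0]
        if len(header) < 6 or header[3] != "connect(2)":
            continue
        if any(tok[0].startswith(ADDRESS_PREFIXES) for tok in rec[1:]):
            continue
        # subject token: auid, euid, egid, ruid, rgid, pid, sid, terminal port, addr
        subj = next((t for t in rec if t[0] == "subject" and len(t) > 6), None)
        findings.append({"time": header[5],
                         "auid": subj[1] if subj else None,
                         "pid": subj[6] if subj else None})
    return findings

if __name__ == "__main__":
    for f in connects_without_address(SAMPLE):
        print("no address token: %(time)s auid=%(auid)s pid=%(pid)s" % f)
```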