From owner-freebsd-security@FreeBSD.ORG Wed Jun 29 13:39:27 2011
From: Stacey Son <sson@FreeBSD.org>
Date: Wed, 29 Jun 2011 08:21:03 -0500
To: Lev Serebryakov
Cc: freebsd-security@freebsd.org, developers@freebsd.org
Subject: Re: OpenBSM: does somebody work on it?
In-Reply-To: <1191160420.20110629145915@serebryakov.spb.ru>
References: <1191160420.20110629145915@serebryakov.spb.ru>

On Jun 29, 2011, at 5:59 AM, Lev Serebryakov wrote:

> Hello, Freebsd-security.
>
> I'm trying to use audit, and have some problems. The first one is
> the impossibility of creating a custom event class, and the second
> one I hit is with auditreduce(1).
>
> auditreduce doesn't filter events by date (-b/-a/-d options with any
> arguments produce empty output), it doesn't merge files properly and
> doesn't pick up files automagically, as Solaris' one does. It doesn't
> have the -C/-M/-O functionality of Solaris' one, either. So proper
> merging of audit trail files seems to be impossible :(
>
> I could try to fix & extend auditreduce(1), but does somebody but me
> need it?
>
> Does somebody use audit on FreeBSD on production systems?

FYI, a better place to discuss this would be the trustedbsd-audit
mailing list. There are quite a few people that use OpenBSM in
production on FreeBSD and Mac OS X that hang out on that list usually.

Regards,

-stacey.
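The "pick up files automatically" gap Lev describes can be bridged outside auditreduce(1) by selecting trail files from their names: OpenBSM names each closed trail <start>.<end> with both stamps in %Y%m%d%H%M%S form, and the still-open trail ends in ".not_terminated" (the "current" symlink points at it). The helper below is an added example, not code from this thread or from OpenBSM; the directory listing is constructed, the time window and the /var/audit path are assumptions, and it builds an auditreduce -a/-b command line (which takes YYYYMMDD[HH[MM[SS]]] arguments) rather than running it.

```python
import re
from datetime import datetime
from typing import List, Optional, Tuple

# OpenBSM trail naming: <start>.<end>, timestamps as %Y%m%d%H%M%S; the
# active trail is <start>.not_terminated. "current" is a symlink, not a trail.
TRAIL_RE = re.compile(r"^(\d{14})\.(\d{14}|not_terminated)$")
STAMP = "%Y%m%d%H%M%S"

# Constructed listing of /var/audit (assumption: not taken from a real host).
SAMPLE_LISTING = [
    "20110601000000.20110608000000",
    "20110608000000.20110615000000",
    "20110615000000.20110622000000",
    "20110622000000.not_terminated",
    "current",
    "20110615000000.20110622000000.bak",  # stray file, must be ignored
]


def parse_trail_name(name: str) -> Optional[Tuple[datetime, Optional[datetime]]]:
    """Return (start, end) for a trail file name, end=None if still open,
    or None if the name is not an OpenBSM trail at all."""
    m = TRAIL_RE.match(name)
    if m is None:
        return None
    start = datetime.strptime(m.group(1), STAMP)
    end = None if m.group(2) == "not_terminated" else datetime.strptime(m.group(2), STAMP)
    return start, end


def select_trails(names: List[str], window_start: datetime, window_end: datetime,
                  complete_only: bool = False) -> List[str]:
    """Trail files whose [start, end] span overlaps the window, in time order.
    complete_only mirrors the idea of Solaris' -C: skip the open trail."""
    chosen = []
    for name in names:
        parsed = parse_trail_name(name)
        if parsed is None:
            continue
        start, end = parsed
        if end is None:
            if complete_only:
                continue
            # Open trail: it covers everything from its start onward.
            overlaps = start <= window_end
        else:
            overlaps = start <= window_end and end >= window_start
        if overlaps:
            chosen.append(name)
    return sorted(chosen)


def auditreduce_command(trails: List[str], window_start: datetime, window_end: datetime,
                        audit_dir: str = "/var/audit") -> List[str]:
    """Argument vector for auditreduce(1); -a/-b accept YYYYMMDD[HH[MM[SS]]],
    the full 14-digit form is used here. Not executed by this example."""
    args = ["auditreduce",
            "-a", window_start.strftime(STAMP),
            "-b", window_end.strftime(STAMP)]
    args += [f"{audit_dir}/{t}" for t in trails]
    return args


if __name__ == "__main__":
    w0, w1 = datetime(2011, 6, 10), datetime(2011, 6, 16)
    picked = select_trails(SAMPLE_LISTING, w0, w1)
    print(" ".join(auditreduce_command(picked, w0, w1)))
```

The selected files are passed to auditreduce in name order, and its output can be piped to praudit as usual; whether the -a/-b filter then behaves as Lev reports is exactly the question for the trustedbsd-audit list.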