Date:      Wed, 29 Jun 2011 08:21:03 -0500
From:      Stacey Son <sson@FreeBSD.org>
To:        Lev Serebryakov <lev@freebsd.org>
Cc:        freebsd-security@freebsd.org, developers@freebsd.org
Subject:   Re: OpenBSM: does somebody work on it?
Message-ID:  <A945E553-0D06-4AF3-A855-B169F6D882D9@FreeBSD.org>
In-Reply-To: <1191160420.20110629145915@serebryakov.spb.ru>
References:  <1191160420.20110629145915@serebryakov.spb.ru>


On Jun 29, 2011, at 5:59 AM, Lev Serebryakov wrote:

> Hello, Freebsd-security.
>
>  I'm trying to use audit, and have some problems. First one is
> impossibility to create custom event class, and second one I hit is
> with auditreduce(1)
>
>  auditreduce doesn't filter events by date (-b/-a/-d options with any
> arguments produce empty output), it doesn't merge files properly and
> doesn't pick up files automagically, as Solaris' one does. It doesn't
> have -C/-M/-O functionality of Solaris' one, too. So, proper merging
> of audit trail files seems to be impossible :(
>
>  I could try to fix & extend auditreduce(1), but does somebody but me
> need it?
>
>  Does somebody use audit on FreeBSD on production systems?


FYI, a better place to discuss this would be the trustedbsd-audit
mailing list.  There are quite a few people that use OpenBSM in
production on FreeBSD and Mac OS X that hang out on that list usually.

Regards,

-stacey.


