Date: Mon, 18 Nov 2019 22:59:24 +0000
From: Rahul Gopi <rahul_gopi@hotmail.com>
To: "trustedbsd-discuss@freebsd.org" <trustedbsd-discuss@freebsd.org>
Subject: Help enabling au_to_socket_ex for openbsm network events
Message-ID: <BY5PR08MB6280053BC93EA34797D607A0E34D0@BY5PR08MB6280.namprd08.prod.outlook.com>
In-Reply-To: <BY5PR08MB6280208DAD9312B14AEEC6FDE34D0@BY5PR08MB6280.namprd08.prod.outlook.com>
References: <BY5PR08MB6280208DAD9312B14AEEC6FDE34D0@BY5PR08MB6280.namprd08.prod.outlook.com>

We are looking to enable creation of expanded socket type events in macOS BSM.
We saw support for au_to_socket_ex in the source but are not sure how to enable
this for openbsm via the audit_event, audit_control, etc. configuration files.
We would greatly appreciate any help in this regard.

Platform: macOS 10.14

From man audit.log:

    The ``expanded socket'' token contains information about IPv4 and IPv6
    sockets. A ``expanded socket'' token can be created using
    au_to_socket_ex(3).

    Field                Bytes         Description
    Token ID             1 byte        Token ID
    Socket domain        2 bytes       Socket domain
    Socket type          2 bytes       Socket type
    Address type         2 byte        Address type (IPv4/IPv6)
    Local port           2 bytes       Local port
    Local IP address     4/16 bytes    Local IP address
    Remote port          2 bytes       Remote port
    Remote IP address    4/16 bytes    Remote IP address

Thanks and regards
Rahul
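
The expanded socket token layout quoted in the message above, as an added C example that is not part of the original message or of OpenBSM's own code: a bounds-checked parser for one token, useful when checking whether such tokens appear in a trail. The token ID 0x7f, the address type values 4 and 16, and big-endian field order are assumptions not stated in the message; `struct sock_ex` and `parse_socket_ex` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed values, not given in the message above. */
#define AUT_SOCKET_EX 0x7f /* token ID */
#define AU_IPv4 4          /* address type, also the address length in bytes */
#define AU_IPv6 16

/* Hypothetical container for the decoded fields. */
struct sock_ex {
    uint16_t domain, type, addr_type, lport, rport;
    uint8_t  laddr[16], raddr[16]; /* first 4 bytes used for IPv4 */
};

/* Read a 16-bit field, assuming network (big-endian) byte order. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse one expanded socket token from buf[0..len).
 * Returns bytes consumed (19 for IPv4, 43 for IPv6), or -1 on a wrong
 * token ID, an unknown address type, or a truncated buffer. */
int parse_socket_ex(const uint8_t *buf, size_t len, struct sock_ex *out)
{
    if (len < 7 || buf[0] != AUT_SOCKET_EX)
        return -1;
    memset(out, 0, sizeof(*out));
    out->domain    = be16(buf + 1);
    out->type      = be16(buf + 3);
    out->addr_type = be16(buf + 5);
    if (out->addr_type != AU_IPv4 && out->addr_type != AU_IPv6)
        return -1;
    size_t alen = out->addr_type;     /* 4 or 16 */
    size_t need = 7 + 2 * (2 + alen); /* header + two port/address pairs */
    if (len < need)
        return -1;                    /* never read past the record */
    const uint8_t *p = buf + 7;
    out->lport = be16(p);
    memcpy(out->laddr, p + 2, alen);
    p += 2 + alen;
    out->rport = be16(p);
    memcpy(out->raddr, p + 2, alen);
    return (int)need;
}

/* Constructed sample: IPv4, local 10.0.0.5:49152, remote 192.0.2.10:443.
 * The domain and type values are arbitrary placeholders. */
const uint8_t sample_v4[] = {
    0x7f, 0x00, 0x02, 0x00, 0x01, 0x00, 0x04, 0xc0, 0x00, 0x0a,
    0x00, 0x00, 0x05, 0x01, 0xbb, 0xc0, 0x00, 0x02, 0x0a };
```
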