Date: Wed, 29 Jun 2011 14:59:15 +0400 From: Lev Serebryakov <lev@FreeBSD.org> To: freebsd-security@freebsd.org Cc: developers@freebsd.org Subject: OpenBSM: does somebody work on it? Message-ID: <1191160420.20110629145915@serebryakov.spb.ru>
next in thread | raw e-mail | index | archive | help
Hello, Freebsd-security. I'm trying to use audit, and has some problems. First one is impossiblity to create custom event class, and second one I hit is with auditreduce(1) auditreduce doesn't filter events by date (-b/-a/-d options with any arguments produces empty output), it doesn't merge files properly and doesn't pick up files automagically, as Solaris' one does. It doesn't have -C/-M/-O functionality of Solaris' one, too. So, proper merging of audit trial files seems to be impossible :( I could try to fix & extend auditreduce(1), but does somebdy but me need it? Does somebody use audit on FreeBSD on production systems? --=20 // Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1191160420.20110629145915>