On Wed, 29 Jun 2011, Stacey Son wrote:

I'm trying to use audit, and have some problems. The first one is the impossibility of creating a custom event class, and the second one I hit is with auditreduce(1).

auditreduce doesn't filter events by date (-b/-a/-d options with any arguments produce empty output), it doesn't merge files properly and doesn't pick up files automagically, as Solaris' one does. It doesn't have the -C/-M/-O functionality of Solaris' one, either. So, proper merging of audit trail files seems to be impossible :(

I could try to fix & extend auditreduce(1), but does somebody but me need it?

Does somebody use audit on FreeBSD on production systems?

FYI, a better place to discuss this would be the trustedbsd-audit mailing list. There are quite a few people that use OpenBSM in production on FreeBSD and Mac OS X that hang out on that list usually.

Hi Lev:

Just catching up on back e-mail, and bumped into this thread. Did you file PRs for these bugs? As Stacey mentions, the trustedbsd-audit mailing list is where most discussion of OpenBSM takes place. It's generally pretty quiet, but there are quite a few people using audit in production, and I'm sure they'd appreciate bug reports (and even fixes!).

Robert