2008/8/15, Steve Grubb <[EMAIL PROTECTED]>:
> On Friday 15 August 2008 09:58:54 Matteo Michelini wrote:
>> I'm working on a binary format for the linux-audit system as part of a
>> university research project.
>
> Big-endian/little-endian in aggregated logs? Will the kernel authors allow
> the encoder in the kernel? XDR was the only option we had last time.
> Versioning of structs? How do old user space tools work with new kernel
> that may change layout? Patents?
>

I must design and implement something that is really close to the FreeBSD BSM implementation, because in userspace we have a tool (an IDS) that works with BSM trails format only. I'm designing the patch with the big-endian encoding format. My idea is only to add this capability to the existing text-based format. The FreeBSD BSM implementation is BSD License.

> -Steve
>

--
Matteo Michelini (Milan - Italy)
http://www.michelini.co.uk
Linux registered user: #332873
