[email protected] wrote:
> I’m writing my own parsing code to add Linux analysis to my Mac-based
> BSM audit analysis tools, so I might be asking some “out of left
> field” questions from time to time. I’ve been working my way through
> decoding things like the sockaddr hex blob.

Out of curiosity, why don't you use auparse to write your BSM reformatter? I used it to reformat audit events into IDMEF events. It's used for zos log aggregator. We will likely be needing to make changes soon and it would insulate you from those kinds of issues.

-Steve

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
