Sorry for the long delay in getting back.
On May 6, 2014, at 10:55 AM, Steve Grubb <[email protected]> wrote:
> Out of curiosity, why don't you use auparse to write your BSM
> reformatter?
(1) I hadn’t run across the code repository until after you had mentioned it
(I’ve only been actively looking at Linux auditing for a few weeks), and (2) I
am still very much in the learning phase, trying to figure out what is in the
data, what type of configuration I would like, etc.
I will take a look at auparse soon. I am particularly interested in
performance. My first parsing effort is *way* too slow. I use C++ regex a lot,
and that seems to be a problem.
If anyone is interested in seeing Linux audit data (along with BSM) on a Mac, I
posted a blog entry along with a little video:
Analyzing Linux Audit Data
http://www.toddheberlein.com/blog/2014/5/13/analyzing-linux-audit-data
> We will likely be needing to make changes soon and it would insulate you from
> those kinds of issues.
Can I ask what type of changes and what is motivating the changes?
Thanks,
Todd
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
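Added example, not part of Todd's message and not code from auparse: since the thread turns on parsing native Linux audit.log records (and on regex-based parsing being slow), the C++ below shows a single-pass, regex-free parser for that record format, the hex decoding audit applies to string fields such as proctitle, and the grouping of records that share a serial into one event, which is the record/event model auparse exposes. The sample log lines are constructed to match the audit.log layout, not captured data; the set of string-typed field names in interpret_field is an assumption made for the example, and the AuditRecord/parse_audit_line/group_events names are the example's own.

```cpp
#include <cctype>
#include <cstdint>
#include <map>
#include <set>
#include <string>
#include <vector>

// Added example (not Todd's parser, not auparse): a single-pass, regex-free
// parser for native Linux audit.log records. The sample log is constructed.
struct AuditRecord {
    std::string type;                           // e.g. "SYSCALL"
    uint64_t seconds = 0, serial = 0;           // from audit(<sec>.<msec>:<serial>)
    unsigned msec = 0;
    std::map<std::string, std::string> fields;  // remaining key=value pairs
    std::set<std::string> quoted;               // keys whose value was "quoted"
};

// Read an unsigned decimal run at pos; false if there were no digits.
static bool read_uint(const std::string& s, size_t& pos, uint64_t& out) {
    size_t start = pos;
    for (out = 0; pos < s.size() && s[pos] >= '0' && s[pos] <= '9'; ++pos)
        out = out * 10 + static_cast<uint64_t>(s[pos] - '0');
    return pos > start;
}

// Parse one audit.log line into rec. Returns false on malformed input
// (no type, missing or bad audit(...) header, unterminated quote).
bool parse_audit_line(const std::string& line, AuditRecord& rec) {
    rec = AuditRecord();
    const size_t n = line.size();
    size_t pos = 0;
    while (pos < n) {
        while (pos < n && line[pos] == ' ') ++pos;
        if (pos >= n) break;
        size_t eq = line.find('=', pos);
        if (eq == std::string::npos || eq == pos) return false;
        std::string key = line.substr(pos, eq - pos);
        pos = eq + 1;
        if (key == "msg" && line.compare(pos, 6, "audit(") == 0) {
            uint64_t ms = 0;  // event header: audit(<seconds>.<msec>:<serial>):
            pos += 6;
            if (!read_uint(line, pos, rec.seconds) || pos >= n || line[pos++] != '.') return false;
            if (!read_uint(line, pos, ms) || pos >= n || line[pos++] != ':') return false;
            if (!read_uint(line, pos, rec.serial) || line.compare(pos, 2, "):") != 0) return false;
            rec.msec = static_cast<unsigned>(ms);
            pos += 2;
            continue;
        }
        std::string value;
        if (pos < n && line[pos] == '"') {  // quoted value, may contain spaces
            size_t close = line.find('"', pos + 1);
            if (close == std::string::npos) return false;
            value = line.substr(pos + 1, close - pos - 1);
            pos = close + 1;
            rec.quoted.insert(key);
        } else {
            size_t end = line.find(' ', pos);
            if (end == std::string::npos) end = n;
            value = line.substr(pos, end - pos);
            pos = end;
        }
        if (key == "type") rec.type = value; else rec.fields[key] = value;
    }
    return !rec.type.empty() && rec.serial != 0;
}

// Audit hex-encodes a string value instead of quoting it when the value holds
// spaces, quotes or control bytes. Decode to raw bytes; false if not valid hex.
bool decode_hex(const std::string& in, std::string& out) {
    static const std::string digits = "0123456789ABCDEF";
    if (in.empty() || in.size() % 2) return false;
    out.clear();
    for (size_t i = 0; i < in.size(); i += 2) {
        size_t hi = digits.find(static_cast<char>(std::toupper(static_cast<unsigned char>(in[i]))));
        size_t lo = digits.find(static_cast<char>(std::toupper(static_cast<unsigned char>(in[i + 1]))));
        if (hi == std::string::npos || lo == std::string::npos) return false;
        out.push_back(static_cast<char>(hi * 16 + lo));
    }
    return true;
}

// Interpret a string-typed field: quoted values are plain; unquoted ones are hex,
// with NUL separators (proctitle's argv) shown as spaces. Only fields assumed to
// be strings are decoded: "59" in syscall=59 is decimal, not hex, so a real
// parser needs per-field type knowledge rather than guessing from the value.
std::string interpret_field(const AuditRecord& rec, const std::string& key) {
    static const std::set<std::string> kStringFields = {"proctitle", "comm", "exe", "cwd", "name"};
    auto it = rec.fields.find(key);
    if (it == rec.fields.end()) return "";
    std::string raw;
    if (rec.quoted.count(key) || !kStringFields.count(key) || !decode_hex(it->second, raw))
        return it->second;
    for (char& c : raw) if (c == '\0') c = ' ';
    return raw;
}

// Group records sharing a serial into one event (auparse's record/event model);
// one execve typically yields SYSCALL, EXECVE, CWD, PATH and PROCTITLE records.
std::map<uint64_t, std::vector<AuditRecord>> group_events(const std::vector<std::string>& lines) {
    std::map<uint64_t, std::vector<AuditRecord>> events;
    for (const std::string& l : lines) {
        AuditRecord r;
        if (parse_audit_line(l, r)) events[r.serial].push_back(r);  // bad lines skipped
    }
    return events;
}

// Constructed sample log in audit.log layout (not captured data).
const std::vector<std::string> kSampleLog = {
    "type=SYSCALL msg=audit(1399382400.123:456): arch=c000003e syscall=59 success=yes exit=0 "
    "ppid=1234 pid=1235 auid=1000 uid=1000 comm=\"ls\" exe=\"/usr/bin/ls\" key=\"exec\"",
    "type=EXECVE msg=audit(1399382400.123:456): argc=2 a0=\"ls\" a1=\"-la\"",
    "type=CWD msg=audit(1399382400.123:456): cwd=\"/home/todd/my dir\"",
    "type=PROCTITLE msg=audit(1399382400.123:456): proctitle=6C73002D6C61",
    "type=USER_LOGIN msg=audit(1399382401.004:457): pid=2000 uid=0 auid=1000 res=success",
    "this line has no fields and is skipped",
};
```

The parser walks each line once with find/substr, which is where the cost difference from a regex-per-field approach comes from; the part a hand-written reformatter cannot avoid is the per-field type knowledge (which unquoted values are hex strings, which are decimal, which are hex numbers), and that table is what a library like auparse maintains and what changes to the record format would otherwise break.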