Hi Wim, Thanks for the link!

Does that mean that there is no way to do this at all on Solaris machines earlier than 10? (We have a variety.)

Cheers,
-Alisha

On Dec 17, 5:38 am, Wim Remes <[email protected]> wrote:
> Alisha,
>
> Solaris (10 only!) has an option to dump BSM logs to syslog.
> http://www.cuddletech.com/blog/pivot/entry.php?id=647
>
> configure this, point ossec to the syslog (format is obviously syslog)
> and you're done.
>
> Cheers,
>
> Wim
>
> On Wed, Dec 16, 2009 at 11:37 PM, Alisha Kloc <[email protected]> wrote:
> > Hello,
> >
> > Are there instructions anywhere for setting up OSSEC to read Solaris
> > BSM audit logs? As of v. 1.5, OSSEC lists support for Solaris BSM, and
> > I've found posts by people who say they are doing it, but nowhere can
> > I find instructions on how to actually make it happen.
> >
> > Can I just point OSSEC at the directory where BSM stores its binary
> > logs? If so, what log format must be specified in the <log_format> tag
> > in the configuration file? Or do I need a script which translates BSM
> > binary logs to another format? If so, what options/tags/commands/etc
> > are needed to get the records formatted correctly in the output file,
> > so that OSSEC can parse the logs?
> >
> > Thanks in advance for your help!
> > -Alisha
>
> --
> Wim Remes
> Security Afficionado
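What Wim's suggestion looks like in practice, as an added illustration that is not from the thread or the OSSEC project: the Solaris 10 side (the audit_syslog plugin and a syslog.conf routing line) is sketched in comments, and the OSSEC side is a localfile stanza that tails the resulting text file. The path /var/adm/auditlog, the audit class flags and the audit.notice selector are my assumptions, not values given in the thread.

```xml
<!-- Added example, not from the thread. Assumed Solaris 10 side:
     /etc/security/audit_control gets an audit_syslog plugin line, e.g.
       plugin:name=audit_syslog.so.1;p_flags=lo,+ex,-fm
     (lo = login/logout, +ex = successful execs, -fm = failed file
     attribute modifications; choose the classes you actually need),
     and /etc/syslog.conf routes the audit facility to a text file:
       audit.notice   /var/adm/auditlog
     Restart syslogd and refresh auditd so both pick up the change. -->

<!-- ossec.conf on the Solaris host: tail the syslog text, never the
     binary BSM trail, which OSSEC cannot parse directly. -->
<ossec_config>
  <localfile>
    <!-- syslog is the right log_format: audit_syslog emits standard syslog lines -->
    <log_format>syslog</log_format>
    <!-- assumed path; it must match the file named in syslog.conf above -->
    <location>/var/adm/auditlog</location>
  </localfile>
</ossec_config>
```

After restarting the OSSEC agent, a login on the Solaris host should show up as a syslog-format BSM event in the OSSEC alerts, which is the quickest check that the chain is wired correctly.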
