On Fri, 24 Jun 2011 08:50:08 -0700, Jeremy Lee wrote:

The other log I set this up for was the auditd logs. I Googled around and found someone who had already done this; however, it only seems to work with PAM enabled:

http://blog.securestate.com/post/2010/09/03/Getting-OSSEC-To-Parse-Auditd.aspx

I have a very comprehensive auditd decoder that is just about ready. I'll post a link for people to check it out soon.

--
Michael Starks
[I] Immutable Security
http://www.immutablesecurity.com
