Date:      Wed, 29 Jun 2011 14:26:44 +0200
From:      Patrick Proniewski <patpro@patpro.net>
To:        Lev Serebryakov <lev@FreeBSD.org>
Cc:        Liste FreeBSD-security <freebsd-security@freebsd.org>
Subject:   Re: OpenBSM: does somebody work on it?
Message-ID:  <B906D82B-077A-458C-BE67-EC27A825B4A8@patpro.net>
In-Reply-To: <1191160420.20110629145915@serebryakov.spb.ru>
References:  <1191160420.20110629145915@serebryakov.spb.ru>


On 29 June 2011, at 12:59, Lev Serebryakov wrote:

>  auditreduce doesn't filter events by date (-b/-a/-d options with any
> arguments produces empty output), it doesn't merge files properly and
> doesn't pick up files automagically, as Solaris' one does. It doesn't
> have -C/-M/-O functionality of Solaris' one, too. So, proper merging
> of audit trail files seems to be impossible :(
>
>  I could try to fix & extend auditreduce(1), but does somebody but me
> need it?
>
>  Does somebody use audit on FreeBSD on production systems?

I do, almost (I've not finished my setup, but I'm auditing a production server).
Maybe you'll find this interesting: http://forums.freebsd.org/showthread.php?t=23716#9

patpro
