Date:      Mon, 27 Jun 2016 22:42:24 +0200
From:      Mateusz Piotrowski <0mp@FreeBSD.org>
To:        soc-status@FreeBSD.org
Subject:   Week 5 / Non-BSM to BSM Conversion Tools / 
Message-ID:  <5DA9F33B-A84A-4473-9488-01E276EA3387@FreeBSD.org>

Hi,

This week I've finally finished my exams and had some time to
focus on my project.

I've started to implement a tool / library which will parse
Linux Audit logs and convert them to a BSM log file.

For the time being I do not focus on any mapping between the Linux Audit
format and the BSM format.

A Linux Audit log is made of events. An event is made of records. A
record is made of a type, a timestamp, an id and some other record
fields. A BSM record (which is made of tokens) is more or less a Linux
Audit event. Most of the information stored in the Linux Audit event's
records can be more or less translated to tokens in a BSM record.
At the moment I am not implementing the conversion from Linux Audit records
to BSM tokens; the records are parsed and the data is stored inside the
BSM text tokens. I plan to finish this part during the following week.


You can check out my latest branch: [2].

My main branch is here: [1].


Cheers!

-Mateusz

PS https://media.giphy.com/media/wJEeKGplvQwr6/giphy.gif

[1]: https://github.com/0mp/freebsd/pull/9
[2]: https://github.com/0mp/freebsd/pull/16
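The first stage described in the message above (parse Linux Audit records, group the records that share one audit(sec.msec:serial) id into an event, and store each field in a BSM text token without any field-to-token mapping), as an added example that is not code from the original post or from the author's FreeBSD branches. The sample log lines are constructed. The text token layout (token id 0x28, a big-endian 2-byte length that includes the terminating NUL, the string, NUL) follows the one documented in OpenBSM's audit.log(5); the header and trailer tokens that frame a complete BSM record are deliberately not produced here.

```python
"""Parse Linux Audit log records, group them into events and wrap each
field in a BSM-style text token (AUT_TEXT). Example code, not the
conversion tool from the message above."""
import re
import struct
from collections import OrderedDict

# One audit record line: "type=<TYPE> msg=audit(<sec>.<msec>:<serial>): <fields>"
RECORD_RE = re.compile(
    r'^type=(?P<type>\S+)\s+msg=audit\((?P<sec>\d+)\.(?P<msec>\d+):'
    r'(?P<serial>\d+)\):\s*(?P<rest>.*)$')
# "name=value" pairs. Quoted values (double or single quotes) may contain
# spaces and even nested name=value text; unquoted values run to whitespace.
FIELD_RE = re.compile(r"""(\w+)=("[^"]*"|'[^']*'|\S*)""")

AUT_TEXT = 0x28   # BSM text token id (OpenBSM bsm/audit_record.h)

# Constructed sample: one three-record event, one single-record event,
# and one junk line that a parser must skip rather than crash on.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1466980800.123:42): arch=c000003e syscall=59 success=yes exit=0 pid=1234 uid=1000 comm="ls" exe="/bin/ls" key=(null)
type=EXECVE msg=audit(1466980800.123:42): argc=2 a0="ls" a1="-l"
type=CWD msg=audit(1466980800.123:42):  cwd="/home/mateusz"
type=USER_LOGIN msg=audit(1466980801.500:43): pid=999 uid=0 msg='op=login acct="root" res=success'
this line is not an audit record
"""


def parse_record(line):
    """Split one audit log line into (event_id, type, fields); None if not a record."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None   # blank, truncated or foreign line: skip it
    event_id = (int(m.group("sec")), int(m.group("msec")), int(m.group("serial")))
    fields = OrderedDict()
    for name, value in FIELD_RE.findall(m.group("rest")):
        # strip matching surrounding quotes, keep the inner text verbatim
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        fields[name] = value
    return event_id, m.group("type"), fields


def group_events(lines):
    """Group records that share one audit(sec.msec:serial) id into an event.

    Returns an ordered dict: event_id -> [(record_type, fields), ...],
    keeping the record order seen in the log."""
    events = OrderedDict()
    for line in lines:
        parsed = parse_record(line)
        if parsed is None:
            continue
        event_id, rtype, fields = parsed
        events.setdefault(event_id, []).append((rtype, fields))
    return events


def text_token(text):
    """Encode a BSM text token: id (1 byte), length incl. NUL (2 bytes BE), text, NUL."""
    data = text.encode("utf-8") + b"\x00"
    return struct.pack(">BH", AUT_TEXT, len(data)) + data


def event_to_text_tokens(records):
    """Flatten every record of an event into text tokens, one per field.

    This is the "no mapping yet" stage: record type and each name=value pair
    become plain text tokens instead of typed BSM tokens."""
    tokens = []
    for rtype, fields in records:
        tokens.append(text_token("type=" + rtype))
        for name, value in fields.items():
            tokens.append(text_token(f"{name}={value}"))
    return tokens


if __name__ == "__main__":
    for event_id, records in group_events(SAMPLE_LOG.splitlines()).items():
        toks = event_to_text_tokens(records)
        print(event_id, [r[0] for r in records], len(toks), "text tokens",
              sum(len(t) for t in toks), "bytes")
```

The grouping key is the full (seconds, milliseconds, serial) triple: the serial number alone wraps and is only unique together with the timestamp, so keying on it alone would merge unrelated records. Single-quoted values such as the nested msg='...' of USER_* records are kept as one field rather than being torn into their inner name=value pairs.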


