saddr value in connect()

lists_todd at mac.com
Thu May 15 16:20:47 UTC 2014


Sorry for the long delay in getting back.

On May 6, 2014, at 10:55 AM, Steve Grubb <sgrubb at redhat.com> wrote:

> Out of curiosity, why don't you use auparse to write your BSM
> reformatter?

(1) I hadn’t run across the code repository until after you had mentioned it (I’ve only been actively looking at Linux auditing for a few weeks), and (2) I am still very much in the learning phase, trying to figure out what is in the data, what type of configuration I would like, etc. 


I will take a look at auparse soon. I am particularly interested in performance. My first parsing effort is *way* too slow. I use C++ regex a lot, and that seems to be a problem.

If anyone is interested in seeing Linux audit data (along with BSM) on a Mac, I posted a blog entry along with a little video:

	Analyzing Linux Audit Data
	http://www.toddheberlein.com/blog/2014/5/13/analyzing-linux-audit-data

> We will likely be needing to make changes soon and it would insulate you from those kinds of issues.

Can I ask what type of changes and what is motivating the changes?


Thanks,

Todd
