* where can I find documentation on audit log formats?
@ 2015-10-13 22:52 Bond Masuda
  2015-10-14  0:49 ` Steve Grubb
  0 siblings, 1 reply; 2+ messages in thread
From: Bond Masuda @ 2015-10-13 22:52 UTC (permalink / raw)
  To: linux-audit

I'm writing a tool to put audit logs into a database. I can guess at the
format based on samples of logs I'm seeing, but I would feel better if I
could find documentation that shows all the different types of audit log
messages and what is in those messages.

Thanks
Bond


* Re: where can I find documentation on audit log formats?
  2015-10-13 22:52 where can I find documentation on audit log formats? Bond Masuda
@ 2015-10-14  0:49 ` Steve Grubb
  0 siblings, 0 replies; 2+ messages in thread
From: Steve Grubb @ 2015-10-14  0:49 UTC (permalink / raw)
  To: linux-audit

On Tuesday, October 13, 2015 03:52:44 PM Bond Masuda wrote:
> I'm writing a tool to put audit logs into a database. I can guess at the
> format based on samples of logs I'm seeing, but I would feel better if I
> could find documentation that shows all the different types of audit log
> messages and what is in those messages.

Unfortunately, there is no reference that captures everything. I do have an 
ausearch test suite that can aid in collating events so that you have one of 
everything:

http://people.redhat.com/sgrubb/audit/ausearch-test-0.5.tar.gz

In it, run ./gather-logs as root. You might also find the aucoverage program 
helpful in determining what's missing.

-Steve

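As an added example (not code from the thread or from the audit project), the loader below shows the structure a database import tool has to deal with even without a complete format reference: every record starts with `type=... msg=audit(seconds.millis:serial):`, all records of one event share the serial, the rest is `name=value` pairs where values are bare, double-quoted, single-quoted (the nested `msg='...'` of USER_* records), or uppercase hex when the kernel had to escape them. The sample lines are constructed; the set of hex-encoded field names is an assumption (a partial list), and the records/fields schema is one design choice, not the one the original poster used. Lines that do not match the header form are counted rather than silently dropped, since those are exactly the record types the tool has not yet seen, which is the gap the ausearch test suite and aucoverage are meant to expose.

```python
import re
import sqlite3

# Constructed sample records (not from the thread): one syscall event (serial 1001)
# spanning three records, plus a USER_LOGIN record with the nested msg='...' form.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1444776764.123:1001): arch=c000003e syscall=2 success=no exit=-13 a0=7ffd1234 items=1 ppid=2000 pid=2010 auid=1000 uid=1000 gid=1000 euid=1000 ses=3 comm="cat" exe="/usr/bin/cat" key="etc-shadow"
type=PATH msg=audit(1444776764.123:1001): item=0 name="/etc/shadow" inode=1234 dev=fd:01 mode=0100000 ouid=0 ogid=42 rdev=00:00 nametype=NORMAL
type=PROCTITLE msg=audit(1444776764.123:1001): proctitle=636174002F6574632F736861646F77
type=USER_LOGIN msg=audit(1444776800.500:1002): pid=2100 uid=0 auid=1000 ses=4 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=198.51.100.7 addr=198.51.100.7 terminal=ssh res=success'
"""

# Record header: optional node= prefix (audisp remote logging), the record type,
# then audit(<seconds>.<millis>:<serial>); all records of one event share the serial.
HEADER_RE = re.compile(
    r'^(?:node=(\S+)\s+)?type=(\w+)\s+msg=audit\((\d+)\.(\d+):(\d+)\):\s*(.*)$')
# A field is name=value where value is double-quoted, single-quoted (nested msg), or bare.
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\'[^\']*\'|\S*)')
# Fields the kernel hex-encodes when the value contains spaces, quotes or control
# characters. Assumption: a partial list of the commonly affected names.
HEX_FIELDS = {"proctitle", "name", "comm", "exe", "cwd", "key", "cmd", "path", "acct", "data"}
HEX_RE = re.compile(r'[0-9A-F]+')


def decode_hex_value(raw):
    """Decode an uppercase-hex value; NUL separators (argv boundaries) become spaces."""
    return bytes.fromhex(raw).decode("utf-8", "replace").replace("\0", " ")


def parse_fields(text):
    """Parse the name=value part of a record into a dict of strings."""
    fields = {}
    for m in FIELD_RE.finditer(text):
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw[0] == "'" and raw[-1] == "'":
            # USER_* records carry a nested msg='...' payload; merge its fields
            # without letting them overwrite the outer record's keys.
            for k, v in parse_fields(raw[1:-1]).items():
                fields.setdefault(k, v)
        elif len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            fields[name] = raw[1:-1]
        elif name in HEX_FIELDS and len(raw) % 2 == 0 and HEX_RE.fullmatch(raw):
            fields[name] = decode_hex_value(raw)
        else:
            fields[name] = raw
    return fields


def parse_record(line):
    """Parse one audit line; None for lines not in the type=... msg=audit(...) form."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    node, rtype, secs, millis, serial, rest = m.groups()
    return {"node": node, "type": rtype, "serial": int(serial),
            "ts": float(f"{secs}.{millis}"), "fields": parse_fields(rest)}


# One row per record plus a generic name/value table, so unknown record types
# and unknown fields are stored rather than rejected.
SCHEMA = """
CREATE TABLE records (id INTEGER PRIMARY KEY, serial INTEGER, ts REAL, rtype TEXT, node TEXT);
CREATE TABLE fields (record_id INTEGER REFERENCES records(id), name TEXT, value TEXT);
CREATE INDEX fields_name_value ON fields (name, value);
"""


def load_into_db(log_text, conn=None):
    """Load audit lines into the schema (in-memory SQLite by default).
    Returns (connection, number of lines that did not parse)."""
    conn = conn or sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            skipped += 1  # the formats this loader has not accounted for yet
            continue
        cur = conn.execute("INSERT INTO records (serial, ts, rtype, node) VALUES (?, ?, ?, ?)",
                           (rec["serial"], rec["ts"], rec["type"], rec["node"]))
        conn.executemany("INSERT INTO fields (record_id, name, value) VALUES (?, ?, ?)",
                         [(cur.lastrowid, k, v) for k, v in rec["fields"].items()])
    conn.commit()
    return conn, skipped


def record_type_counts(conn):
    """Per-type record counts: the coverage view to compare against a full log set."""
    return dict(conn.execute("SELECT rtype, COUNT(*) FROM records GROUP BY rtype").fetchall())


def denied_file_access(conn):
    """Join each failed SYSCALL record with the PATH record of the same event."""
    sql = """
    SELECT r.serial, fe.value AS exe, fn.value AS path
    FROM records r
    JOIN fields fs ON fs.record_id = r.id AND fs.name = 'success' AND fs.value = 'no'
    JOIN fields fe ON fe.record_id = r.id AND fe.name = 'exe'
    JOIN records rp ON rp.serial = r.serial AND rp.rtype = 'PATH'
    JOIN fields fn ON fn.record_id = rp.id AND fn.name = 'name'
    WHERE r.rtype = 'SYSCALL'
    ORDER BY r.serial
    """
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db, unparsed = load_into_db(SAMPLE_LOG)
    print("record types:", record_type_counts(db), "unparsed lines:", unparsed)
    print("denied file access:", denied_file_access(db))
```

The query joins records by serial rather than by line order, because the kernel does not guarantee that the records of one event arrive contiguously. Field values are kept as the raw strings the log carries (numeric uids, syscall numbers); resolving them to names the way `ausearch -i` does is a separate step that needs the host's passwd database and syscall table.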
