* where can I find documentation on audit log formats?
From: Bond Masuda @ 2015-10-13 22:52 UTC
To: linux-audit

I'm writing a tool to put audit logs into a database. I can guess at the format based on samples of logs I'm seeing, but I would feel better if I could find documentation that shows all the different types of audit log messages and what is in those messages.

Thanks
Bond

* Re: where can I find documentation on audit log formats?
From: Steve Grubb @ 2015-10-14 0:49 UTC
To: linux-audit

On Tuesday, October 13, 2015 03:52:44 PM Bond Masuda wrote:
> I'm writing a tool to put audit logs into a database. I can guess at the
> format based on samples of logs I'm seeing, but I would feel better if I
> could find documentation that shows all the different types of audit log
> messages and what is in those messages.

Unfortunately, there is no reference that captures everything. I do have an ausearch test suite that can aid in collating events so that you have one of everything:

http://people.redhat.com/sgrubb/audit/ausearch-test-0.5.tar.gz

In it, run ./gather-logs as root. You might also find the aucoverage program helpful in determining what's missing.

-Steve

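Added example, not part of the thread and not code from the audit project: for a database loader like the one asked about, this Python code groups records that share the same audit(timestamp:serial) ID into one event and inventories the field names seen per record type. The sample records are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Record header: type=NAME msg=audit(SECONDS.MILLIS:SERIAL): key=value ...
HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$")
FIELD = re.compile(r"""([\w-]+)=('[^']*'|"[^"]*"|\S*)""")  # '...', "...", or bare

# Constructed sample records (not taken from the thread).
SAMPLE = """\
type=SYSCALL msg=audit(1444776764.123:456): arch=c000003e syscall=2 success=no exit=-13 pid=3538 auid=1000 uid=1000 comm="cat" exe="/usr/bin/cat" key="sshd_config"
type=CWD msg=audit(1444776764.123:456): cwd="/home/user"
type=PATH msg=audit(1444776764.123:456): item=0 name="/etc/ssh/sshd_config" inode=409248 mode=0100600 ouid=0 ogid=0
type=USER_AUTH msg=audit(1444776800.500:457): pid=3600 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" hostname=10.0.0.5 addr=10.0.0.5 terminal=ssh res=failed'
this line is not an audit record
"""

def parse_fields(text):
    """Return {name: value}; values stay text, with no decoding or typing."""
    fields = {}
    for name, raw in FIELD.findall(text):
        if raw.startswith("'"):
            # User-space records nest their own key=value list in msg='...'.
            fields.update(parse_fields(raw[1:-1]))
        else:
            fields[name] = raw.strip('"')
    return fields

def parse_record(line):
    """Parse one log line, or return None if it is not an audit record."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    rtype, stamp, serial, rest = m.groups()
    return {"type": rtype, "event_id": f"{stamp}:{serial}", "fields": parse_fields(rest)}

def collate(lines):
    """Group records by event ID and inventory field names per record type."""
    events, schema, skipped = defaultdict(list), defaultdict(set), []
    for line in filter(str.strip, lines):  # ignore blank lines
        rec = parse_record(line)
        if rec is None:
            skipped.append(line)  # keep unparsed lines for review
            continue
        events[rec["event_id"]].append(rec)
        schema[rec["type"]].update(rec["fields"])
    return dict(events), dict(schema), skipped

if __name__ == "__main__":
    print(collate(SAMPLE.splitlines())[1])
```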