From mboxrd@z Thu Jan 1 00:00:00 1970 From: "John Calcote" Subject: audit record content Date: Wed, 08 Nov 2006 16:54:12 -0700 Message-ID: <45520BB4.37FF.0081.0@novell.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=__Part25013F34.0__=" Return-path: Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32]) by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id kA8NrQSU029616 for ; Wed, 8 Nov 2006 18:53:26 -0500 Received: from sinclair.provo.novell.com (sinclair.provo.novell.com [137.65.248.137]) by mx3.redhat.com (8.13.1/8.13.1) with ESMTP id kA8NqJdo028901 for ; Wed, 8 Nov 2006 18:52:37 -0500 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: linux-audit@redhat.com List-Id: linux-audit@redhat.com --=__Part25013F34.0__= Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Disposition: inline As far as I can tell, this forum has focused mainly on transport, performance, security and integrity issues. Indeed, these are all critical issues relative to audit, but is not audit record content just as important? If we spend all of our time managing the low-level transport issues, what does it avail us if only garbage is audited? I've been working at the content level in an effort to standardize the record format. I've begun with the Open Group's XDAS standard as a baseline. The project is on sourceforge and it's called OpenXDAS. Back-end loggers are pluggable, and LAF is already supported on providing platforms. Will some of you folks kindly take a few minutes of your time to look at the project and tell me what you think? I really want to make some traction here, and I think your good opinions are worth a lot. I'm open to suggestion, and would love to get some feedback. http://openxdas.sourceforge.net http://www.sourceforge.net/projects/openxdas Thanks, John ----- John Calcote (jcalcote@novell.com) Sr. Software Engineeer Novell, Inc. --=__Part25013F34.0__= Content-Type: text/plain; name="John Calcote.vcf" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="John Calcote.vcf" BEGIN:VCARD VERSION:2.1 X-GWTYPE:USER FN:John Calcote TEL;WORK:1-801-861-7517 ORG:;Unified Identity System Eng TE TEL;PREF;FAX:801/861-2292 EMAIL;WORK;PREF;NGW:JCALCOTE@novell.com N:Calcote;John;;Sr. Software Engineer TITLE:Sr. Software Engineer ADR;DOM;WORK;PARCEL;POSTAL:;PRV-H-511;;Provo LABEL;DOM;WORK;PARCEL;POSTAL;ENCODING=3DQUOTED-PRINTABLE:John Calcote=3D0A= =3D PRV-H-511=3D0A=3D Provo END:VCARD --=__Part25013F34.0__= Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline --=__Part25013F34.0__=--