Hello,

I traced the discussions on the IDS mailing list about audit data format standardization. I think that the standard would be very useful indeed to achieve universality of audit trail analysis tools.

In my project ASAX (Advanced Security audit trail Analysis on uniX) we developed a universal tool for efficient and powerful analysis of audit trails. In fact our approach applies to any sequential file. However, universality is achieved by adapting the native audit trail to a canonical format. The approach uses a rule-based language tailor-made to sequential analysis of (huge) files. (See my previous posting on ASAX.)

Our canonical format (NADF, normalized audit data format) is close to the BER. Assuming that an audit record is a collection of audit data, its conversion to NADF amounts (briefly said) to replacing each audit data by a triple:

    (identifier,  length,   value)
    <---------> <------>  <----->
      2 bytes    2 bytes   length

In your posting to the above list, you suggested to post the specification of the standard. I am very interested in this and also in documents on talks you made at IDS workshops. Any related material or pointers are wanted.

Aziz-

---------------------------------------------------------------
Abdelaziz Mounji,
Institut d'Informatique,
Advanced Security audit trail Analysis on uniX (ASAX)
Facultes Universitaires de Namur (F.U.N.D.P.),
rue Grandgagnage, 21
B-5000 Namur
Belgium
Tel: +32 81 724987 (Office)
     +32 81 221803 (Home)
Fax: +32 81 724967
E-mail: amo@info.fundp.ac.be
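
The (identifier, length, value) layout described in the message above, as an added example that is not part of the original message and is not ASAX code. It assumes big-endian 2-byte fields, a length that counts only the value bytes, and no padding between triples; the identifier numbers in the sample are hypothetical.

```python
import struct

# Assumption: 2-byte identifier then 2-byte length, both big-endian.
HEADER = struct.Struct(">HH")


class NADFError(ValueError):
    """Raised when a record is truncated or a field cannot be encoded."""


def encode_record(fields):
    """Serialise [(identifier, value_bytes), ...] into one NADF-style record."""
    out = bytearray()
    for ident, value in fields:
        if not 0 <= ident <= 0xFFFF:
            raise NADFError(f"identifier {ident} does not fit in 2 bytes")
        if len(value) > 0xFFFF:
            raise NADFError(f"value of field {ident} exceeds 65535 bytes")
        out += HEADER.pack(ident, len(value)) + value
    return bytes(out)


def decode_record(buf):
    """Parse a record into (identifier, length, value) triples.

    A declared length is never trusted beyond the bytes actually present,
    so a truncated or corrupted audit trail is rejected, not over-read.
    """
    fields, offset = [], 0
    while offset < len(buf):
        if len(buf) - offset < HEADER.size:
            raise NADFError(f"truncated header at offset {offset}")
        ident, length = HEADER.unpack_from(buf, offset)
        offset += HEADER.size
        remaining = len(buf) - offset
        if remaining < length:
            raise NADFError(
                f"field {ident} declares {length} bytes, {remaining} remain")
        fields.append((ident, length, buf[offset:offset + length]))
        offset += length
    return fields


# Constructed sample record: identifiers 1-3 are hypothetical field numbers.
SAMPLE = [(1, b"login"), (2, b"root"), (3, struct.pack(">I", 0))]

if __name__ == "__main__":
    for ident, length, value in decode_record(encode_record(SAMPLE)):
        print(ident, length, value)
```
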