Decoding BSM audit trail

Aziz MOUNJI (amo@info.fundp.ac.be)
Mon, 9 Oct 1995 14:00:50 +1000

Hi all,

	I want to convert the BSM audit trail format to ASAX private
	format (NADF). I looked at the system documents but just can't
	bring myself to understand them. I looked at man audit.log
	but there, they speak of tokens in an audit record. What I 
	wanted to know is *how* audit records are built from these tokens.
	More precisely, are tokens simply contiguous, or are there some
	padding bytes to ensure alignment, or is there a structure
	declaration for an entire audit record, ... ???

	The only conclusion I have at this time is that there is only
	a notion of tokens and it is up to the application to figure out
	the sequence of tokens comprising an audit record.

Sorry about this level of detail and thanks for responding.

Aziz.

PS: I am running the SunOS 5.4 BSM
 --------------------------+-------------------------------------
| Abdelaziz Mounji	   |	amo@info.fundp.ac.be             |
| ASAX project		   |	http://www.info.fundp.ac.be/~amo |
| Institut d'Informatique  |	voice: +32 81 724987             |
| University of Namur  	   |	Fax  : +32 81 724967             |
 ----------------------------------------------------------------