connect() records in BSM auditing
River Tarnell
river at loreley.flyingparchment.org.uk
Sat May 9 17:32:01 UTC 2009
hi,

i'm using BSM auditing on 7.2-RELEASE to log network connections. i enabled
'nt' in audit_control:

flags:lo,ad,+ex,na,+nt

when examining the audit log with praudit, i see records for connect() calls:

header,68,10,connect(2),0,Sat May 9 16:00:00 2009, + 560 msec
subject,rriver,root,wheel,root,wheel,43709,835,15007,255.255.255.255
return,success,0
trailer,68

however, i don't see that the destination (or source) address is logged
anywhere. i don't really see the point of auditing network activity without
this information--is this a missing feature, or have i misconfigured something?

thanks,
river.
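
Added example, not part of the original post: a Python check that groups praudit's default comma-delimited output into records and lists the connect(2) records that carry no socket address token. The token names in ADDRESS_TOKENS are an assumption about what praudit prints for socket tokens, and the second sample record is constructed for contrast.

```python
# Token names praudit is assumed to print for socket address tokens.
ADDRESS_TOKENS = {"socket", "socket-inet", "socket-inet6", "socket-unix"}

# First record is the one quoted in the post; the second is constructed
# to show what a record with a destination address would look like.
SAMPLE = """\
header,68,10,connect(2),0,Sat May 9 16:00:00 2009, + 560 msec
subject,rriver,root,wheel,root,wheel,43709,835,15007,255.255.255.255
return,success,0
trailer,68
header,90,10,connect(2),0,Sat May 9 16:00:01 2009, + 12 msec
socket-inet,2,80,192.0.2.10
subject,rriver,root,wheel,root,wheel,43709,835,15007,255.255.255.255
return,success,0
trailer,90
"""

def parse_records(text):
    """Group praudit lines into records, each a list of (token, fields)."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        name, _, rest = line.partition(",")
        if name == "header":
            current = []
        if current is None:
            continue  # skip lines outside a header..trailer pair
        current.append((name, rest.split(",") if rest else []))
        if name == "trailer":
            records.append(current)
            current = None
    return records

def connects_missing_address(text):
    """Return header timestamps of connect(2) records with no address token."""
    missing = []
    for rec in parse_records(text):
        header = rec[0][1]
        if len(header) < 5 or header[2] != "connect(2)":
            continue
        if not any(name in ADDRESS_TOKENS for name, _ in rec):
            missing.append(header[4])
    return missing

if __name__ == "__main__":
    for when in connects_missing_address(SAMPLE):
        print("connect(2) without address token at", when)
```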