Help enabling au_to_socket_ex for openbsm network events
Rahul Gopi
rahul_gopi at hotmail.com
Mon Nov 18 22:59:29 UTC 2019
We are looking to enable creation of expanded socket type events in macOS BSM. Saw support for au_to_socket_ex in the source, but not sure how to enable this for OpenBSM via the audit_event, audit_control, etc. configuration files. Greatly appreciate any help in this regard.
Platform: macOS, 10.14
From man audit.log:

The ``expanded socket'' token contains information about IPv4 and IPv6 sockets. A
``expanded socket'' token can be created using au_to_socket_ex(3).

Field              Bytes        Description
Token ID           1 byte       Token ID
Socket domain      2 bytes      Socket domain
Socket type        2 bytes      Socket type
Address type       2 byte       Address type (IPv4/IPv6)
Local port         2 bytes      Local port
Local IP address   4/16 bytes   Local IP address
Remote port        2 bytes      Remote port
Remote IP address  4/16 bytes   Remote IP address

Thanks and regards
Rahul
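
The token layout quoted from the man page above, as a bounds-checked parser. This is an added example, not part of the original message and not OpenBSM code. Assumptions: integers are big-endian on the wire, the address type value is the address length (4 for IPv4, 16 for IPv6), and the token ID byte 0x7f in the constructed sample; the names sock_ex, parse_sock_ex and sample_v4 are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Decoded "expanded socket" token; fields follow the man page order. */
struct sock_ex {
    uint8_t  id;
    uint16_t domain, type, addr_type, lport, rport;
    uint8_t  laddr[16], raddr[16];
    size_t   addr_len;                 /* 4 (IPv4) or 16 (IPv6) */
};

/* Assumption: multi-byte fields are big-endian in the audit trail. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse one token. Returns bytes consumed, or 0 when the buffer is
 * truncated or the address type is neither 4 nor 16 (assumed values). */
size_t parse_sock_ex(const uint8_t *buf, size_t len, struct sock_ex *out)
{
    if (len < 7) return 0;             /* ID + domain + type + address type */
    memset(out, 0, sizeof *out);
    out->id        = buf[0];
    out->domain    = be16(buf + 1);
    out->type      = be16(buf + 3);
    out->addr_type = be16(buf + 5);
    if (out->addr_type != 4 && out->addr_type != 16) return 0;
    out->addr_len = out->addr_type;
    size_t need = 7 + 2 * (2 + out->addr_len);  /* two port + address pairs */
    if (len < need) return 0;
    const uint8_t *p = buf + 7;
    out->lport = be16(p);                  p += 2;
    memcpy(out->laddr, p, out->addr_len);  p += out->addr_len;
    out->rport = be16(p);                  p += 2;
    memcpy(out->raddr, p, out->addr_len);
    return need;
}

/* Constructed sample: IPv4, 10.0.0.5:51000 -> 192.0.2.10:443. */
static const uint8_t sample_v4[] = {
    0x7f, 0x00, 0x02, 0x00, 0x01, 0x00, 0x04,
    0xc7, 0x38, 10, 0, 0, 5,  0x01, 0xbb, 192, 0, 2, 10 };

int main(void)
{
    struct sock_ex s;
    if (parse_sock_ex(sample_v4, sizeof sample_v4, &s) == 0) return 1;
    printf("lport=%u rport=%u addr_len=%zu\n", (unsigned)s.lport, (unsigned)s.rport, s.addr_len);
    return 0;
}
```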