Week 5 / Non-BSM to BSM Conversion Tools /

[Mateusz Piotrowski]

Hi,

This week I’ve finally finished my exams and had some time to focus on my project.

I’ve started to implement a tool / library which will parse Linux Audit logs and convert them to a BSM log file.

For the time being I do not focus on any mapping between the Linux Audit format and the BSM format.

A Linux Audit log is made of events. An event is made of records. A record is made of a type, a timestamp, an id and some other records fields. A BSM record (which is made of tokens) is more or less a Linux Audit event. Most of the information stored in the Linux Audit event’s records can be more or less translated to tokens in a BSM record. At the moment I am not implement the conversion from Linux Audit records to BSM tokens; the records are parsed and the data is stored inside the BSM text tokens. I plan to finish this part during the following week. 

You can check out my latest branch: [2].

My main branch is here: [1].


Cheers!

-Mateusz

PS https://media.giphy.com/media/wJEeKGplvQwr6/giphy.gif <https://media.giphy.com/media/wJEeKGplvQwr6/giphy.gif>

[1]: https://github.com/0mp/freebsd/pull/9 <https://github.com/0mp/freebsd/pull/9>
[2]: https://github.com/0mp/freebsd/pull/16 <https://github.com/0mp/freebsd/pull/16>