Week 5 / Non-BSM to BSM Conversion Tools /
Mateusz Piotrowski
0mp at FreeBSD.org
Mon Jun 27 20:42:32 UTC 2016
Hi,
This week I’ve finally finished my exams and had some time to focus on my project.
I’ve started to implement a tool / library which will parse Linux Audit logs and convert them to a BSM log file.
For the time being I do not focus on any mapping between the Linux Audit format and the BSM format.
A Linux Audit log is made of events. An event is made of records. A record is made of a type, a timestamp, an id and some other records fields. A BSM record (which is made of tokens) is more or less a Linux Audit event. Most of the information stored in the Linux Audit event’s records can be more or less translated to tokens in a BSM record. At the moment I am not implement the conversion from Linux Audit records to BSM tokens; the records are parsed and the data is stored inside the BSM text tokens. I plan to finish this part during the following week.
You can check out my latest branch: [2].
My main branch is here: [1].
Cheers!
-Mateusz
PS https://media.giphy.com/media/wJEeKGplvQwr6/giphy.gif <https://media.giphy.com/media/wJEeKGplvQwr6/giphy.gif>
[1]: https://github.com/0mp/freebsd/pull/9 <https://github.com/0mp/freebsd/pull/9>
[2]: https://github.com/0mp/freebsd/pull/16 <https://github.com/0mp/freebsd/pull/16>
More information about the soc-status
mailing list