Repository of audit events

lists_todd at mac.com
Wed Apr 9 16:33:06 UTC 2014


On Apr 8, 2014, at 11:25 PM, Burn Alting <burn at swtf.dyndns.org> wrote:

> All,
> 
> Does there exist a repository of audit events that could be used to test
> changes to the audit parsing code?
> 
> Although turning on 
> 
> -a always,exit -F arch=b32 -S all
> and
> -a always,exit -F arch=b64 -S all
> 
> for a while does tend to generate a lot of audit, it's clearly not
> exhaustive so I am hoping we have some repositories that are shareable
> and one can test against.

If anyone has links, please share with the lists. I would appreciate the data sources as well.

I’ve started adding Linux audit analysis to my Mac-based tools, and more data for testing is always appreciated.

Todd




