where can I find documentation on audit log formats?

Steve Grubb sgrubb at redhat.com
Wed Oct 14 00:49:46 UTC 2015


On Tuesday, October 13, 2015 03:52:44 PM Bond Masuda wrote:
> I'm writing a tool to put audit logs into a database. I can guess at the
> format based on samples of logs I'm seeing, but I would feel better if I
> could find documentation that shows all the different types of audit log
> messages and what is in those messages.

Unfortunately, there is no reference that captures everything. I do have an 
ausearch test suite that can aid in collating events so that you have one of 
everything:

http://people.redhat.com/sgrubb/audit/ausearch-test-0.5.tar.gz

In it, run ./gather-logs as root. You might also find the aucoverage program 
helpful in determining what's missing.

-Steve
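For the database tool described in the question, one way to check a schema against collected logs is to inventory every record type and the field names seen for it. This is an added example, not code from this thread, the ausearch test suite, or aucoverage; the function names are hypothetical and the sample records are constructed.

```python
import re
from collections import defaultdict

# Record header: type=<TYPE> msg=audit(<epoch>.<ms>:<serial>): <fields>
HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+:\d+)\):\s*(.*)$")
# key=value pairs; values may be bare, double-quoted, or single-quoted
FIELD = re.compile(r"""([\w-]+)=("[^"]*"|'[^']*'|\S+)""")

def parse_record(line):
    """Return {'type', 'event', 'fields'} for one record, or None if unparseable."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rtype, event_id, body = m.groups()
    fields = {}
    for key, val in FIELD.findall(body):
        if key == "msg" and val.startswith("'"):
            # User-space records wrap their own key=value pairs in msg='...'
            for k2, v2 in FIELD.findall(val[1:-1]):
                fields[k2] = v2.strip('"')
        else:
            fields[key] = val.strip('"')
    return {"type": rtype, "event": event_id, "fields": fields}

def inventory(lines):
    """Collect field names per record type, record types per event, and rejects."""
    fields_by_type, types_by_event, rejected = defaultdict(set), defaultdict(set), []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            if line.strip():
                rejected.append(line)  # keep unknown input visible, never drop it
            continue
        fields_by_type[rec["type"]].update(rec["fields"])
        types_by_event[rec["event"]].add(rec["type"])
    return fields_by_type, types_by_event, rejected

# Constructed sample records (not taken from a real host); last line is truncated
SAMPLE = """\
type=SYSCALL msg=audit(1444783966.512:1201): arch=c000003e syscall=2 success=yes exit=3 pid=2315 auid=1000 uid=0 comm="cat" exe="/usr/bin/cat" key="passwd-watch"
type=CWD msg=audit(1444783966.512:1201):  cwd="/root"
type=PATH msg=audit(1444783966.512:1201): item=0 name="/etc/passwd" inode=131 mode=0100644 ouid=0 ogid=0
type=USER_LOGIN msg=audit(1444784001.004:1207): pid=2400 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="bob" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.5 terminal=ssh res=failed'
type=PATH msg=audit(1444783966.512
"""

if __name__ == "__main__":
    by_type, by_event, rejected = inventory(SAMPLE.splitlines())
    for rtype in sorted(by_type):
        print(rtype, sorted(by_type[rtype]), "rejected lines:", len(rejected))
```

Records that share the same `timestamp:serial` belong to one event, so `types_by_event` shows which record types have to be joined in the database.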



