some questions about Linux audit

358123097 358123097 at qq.com
Fri Jun 9 01:46:48 UTC 2017


Dear Sir/Madam,


Hello, I am a Chinese student; I am now studying Linux audit and having some problems. I want to collect some information from the network, such as the accessor's IP and port. I defined an audit rule on machine A as follows, then I used the "ping" and "vsftpd" programs to test audit. For example, when I run "ping A" on another machine, I can't collect any information in A's audit log. In addition, when I run "ssh A", I get some incomprehensible records, shown in the picture below (e.g. saddr=inet6 host:::1 serv:45983 and saddr=inet6 host:::ffff:127.0.0.1 serv:41573).
  -a always,exit -F arch=b64 -S connect -S getsockname -S getpeername


Looking forward to your reply!
Yours sincerely,
Yingjie Tang
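The saddr fields quoted in the message can be decoded mechanically. The following is an added example, not code from the poster or from the audit project: it parses constructed records in the interpreted form ausearch prints for inet/inet6 sockets, unwraps IPv4-mapped IPv6 addresses such as ::ffff:127.0.0.1, and counts the peers seen.

```python
"""Decode interpreted saddr fields from Linux audit SOCKADDR records.
Added example; the sample records below are constructed, not captured."""
import ipaddress
import re
from collections import Counter

# Interpreted form for AF_INET / AF_INET6 sockets, as shown in the message:
#   saddr=inet6 host:::ffff:127.0.0.1 serv:41573
SADDR_RE = re.compile(r"saddr=(?P<family>inet6?) host:(?P<host>\S+) serv:(?P<port>\d+)")

def parse_saddr(record):
    """Return (family, address, port, note) for one record line, or None
    when the line carries no inet/inet6 saddr (e.g. a SYSCALL record)."""
    m = SADDR_RE.search(record)
    if not m:
        return None
    addr = ipaddress.ip_address(m.group("host"))
    port = int(m.group("port"))
    notes = []
    if addr.version == 6 and addr.ipv4_mapped is not None:
        # ::ffff:a.b.c.d is an IPv4 peer seen through a dual-stack AF_INET6
        # socket; report the embedded IPv4 address instead.
        addr = addr.ipv4_mapped
        notes.append("ipv4-mapped")
    if addr.is_loopback:
        notes.append("loopback")  # ::1 / 127.0.0.1: local, not a remote client
    return m.group("family"), str(addr), port, " ".join(notes)

def count_peers(records):
    """Tally (address, port) pairs across many records; non-socket lines are skipped."""
    tally = Counter()
    for rec in records:
        parsed = parse_saddr(rec)
        if parsed:
            tally[(parsed[1], parsed[2])] += 1
    return tally

# Constructed sample, shaped like 'ausearch -i' output for the rule in the message.
# Note: an inbound ping is answered by the kernel and makes no connect() call
# on the audited host, so it never produces a record like these.
SAMPLE = [
    "type=SYSCALL msg=audit(1496972808.123:501): arch=x86_64 syscall=connect success=yes",
    "type=SOCKADDR msg=audit(1496972808.123:501): saddr=inet6 host:::1 serv:45983",
    "type=SOCKADDR msg=audit(1496972808.456:502): saddr=inet6 host:::ffff:127.0.0.1 serv:41573",
    "type=SOCKADDR msg=audit(1496972809.789:503): saddr=inet host:192.0.2.10 serv:22",
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(parse_saddr(rec))
    print(count_peers(SAMPLE))
```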