[364] in Intrusion Detection Systems
Decoding BSM audit trail
daemon@ATHENA.MIT.EDU (Aziz MOUNJI)
Mon Oct 9 06:23:56 1995
Date: Mon, 9 Oct 1995 14:00:50 +1000
From: amo@info.fundp.ac.be (Aziz MOUNJI)
To: ids@uow.edu.au
Cc: amo.pascal.info.fundp.ac.be@fundp.ac.be
Reply-To: ids@uow.edu.au
Hi all,
I want to convert the BSM audit trail format to ASAX private
format (NADF). I looked at the system documents but just can't
bring myself to understand them. I looked at man audit.log
but there, they speak of tokens in an audit record. What I
wanted to know is *how* audit records are built from these tokens.
More precisely, are tokens simply contiguous, or is there some
padding bytes to ensure alignment, or is there a structure
declaration for an entire audit record, ... ???
The only conclusion I have at the time is that there is only
a notion of tokens and it is up to the application to figure out
the sequence of tokens comprising an audit record.
Sorry about this level of detail and thanks for responding.
Aziz.
PS: I am running the SunOS 5.4 BSM
--------------------------+-------------------------------------
| Abdelaziz Mounji | amo@info.fundp.ac.be |
| ASAX project | http://www.info.fundp.ac.be/~amo |
| Institut d'Informatique | voice: +32 81 724987 |
| University of Namur | Fax : +32 81 724967 |
----------------------------------------------------------------
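The record-walking logic the question above is after, as an added example that is not part of the original post or of ASAX: tokens sit back to back with no padding, and a converter delimits records by the byte count carried in the header token, checking it against the trailer. It assumes the header32 (0x14), trailer (0x13, magic 0xB105) and text (0x28) token layouts as documented in audit.log(4); the sample trail is constructed here, not captured from a real system.

```python
import struct

HEADER32 = 0x14          # assumed header token id (audit.log(4))
TRAILER = 0x13           # assumed trailer token id
TRAILER_MAGIC = 0xB105   # assumed trailer magic value
TEXT = 0x28              # assumed text token id
HDR_LEN = 18             # id(1) + count(4) + version(1) + event(2) + mod(2) + sec(4) + nsec(4)
TRL_LEN = 7              # id(1) + magic(2) + count(4)


def text_token(s: str) -> bytes:
    """Text token: id, 2-byte length (including NUL), string, NUL. Constructed sample."""
    data = s.encode() + b"\0"
    return struct.pack(">BH", TEXT, len(data)) + data


def build_record(event: int, modifier: int, secs: int, nsec: int, body: bytes) -> bytes:
    """Constructed record: header32 + body tokens + trailer, contiguous, no padding."""
    count = HDR_LEN + len(body) + TRL_LEN
    hdr = struct.pack(">BIBHHII", HEADER32, count, 2, event, modifier, secs, nsec)
    trl = struct.pack(">BHI", TRAILER, TRAILER_MAGIC, count)
    return hdr + body + trl


def parse_records(trail: bytes) -> list:
    """Walk a trail record by record using the header's byte count; validate the trailer.
    Any inconsistency raises ValueError so a converter fails loudly on a corrupt trail."""
    records, off = [], 0
    while off < len(trail):
        if trail[off] != HEADER32:
            raise ValueError(f"expected header32 at offset {off}, got 0x{trail[off]:02x}")
        if off + HDR_LEN > len(trail):
            raise ValueError("truncated header token")
        _, count, _ver, event, modifier, secs, nsec = struct.unpack_from(">BIBHHII", trail, off)
        end = off + count
        if count < HDR_LEN + TRL_LEN or end > len(trail):
            raise ValueError(f"bad record byte count {count} at offset {off}")
        tid, magic, tcount = struct.unpack_from(">BHI", trail, end - TRL_LEN)
        if tid != TRAILER or magic != TRAILER_MAGIC or tcount != count:
            raise ValueError(f"trailer mismatch at offset {end - TRL_LEN}")
        records.append({"event": event, "modifier": modifier, "secs": secs, "nsec": nsec,
                        "body": trail[off + HDR_LEN:end - TRL_LEN]})
        off = end
    return records
```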