Hello, Freebsd-security. I'm trying to use audit, and has some problems. First one is impossiblity to create custom event class, and second one I hit is with auditreduce(1)
auditreduce doesn't filter events by date (-b/-a/-d options with any arguments produces empty output), it doesn't merge files properly and doesn't pick up files automagically, as Solaris' one does. It doesn't have -C/-M/-O functionality of Solaris' one, too. So, proper merging of audit trial files seems to be impossible :( I could try to fix & extend auditreduce(1), but does somebdy but me need it? Does somebody use audit on FreeBSD on production systems? -- // Black Lion AKA Lev Serebryakov <l...@freebsd.org> _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
