On Apr 8, 2014, at 11:25 PM, Burn Alting <b...@swtf.dyndns.org> wrote:
> All,
>
> Does there exist a repository of audit events that could be used to test
> changes to the audit parsing code?
>
> Although turning on
>
> -a always,exit -F arch=b32 -S all
> and
> -a always,exit -F arch=b64 -S all
>
> for a while does tend to generate a lot of audit, but it's clearly not
> exhaustive so I am hoping we have some repositories that are shareable
> and one can test against.

If anyone has links, please share with the lists. I would appreciate the data sources as well. I’ve started adding Linux audit analysis to my Mac-based tools, and more data for testing is always appreciated.

Todd