> > We already have binary audit files that "BSM" audit creates and for
> > Solaris 10 added the ability to export them in XML.
>
> They don't duplicate the info in the syslog files though?
Just to this point. Solaris Audit records a local binary
file (possibly remote via NFS).
In parallel it will write some subset of that file
in a text format to syslog. The text format is not an interface
just as no syslog message is an interface. If a human sees
something of interest in the logs kept by syslog, they can go
and investigate further. Solaris Audit has the ability to
translate the local binary file to human readable still not an
interface, or XML which is intended to be an interface for
processing by other programs.
Gary..
_______________________________________________
networking-discuss mailing list
[email protected]
