Anthony Johnson writes:
> This seems overboard to suggest a project for the addition of an
> auditd plugin, but I didn't see any other way to be able to get the
> code that I am about to write into the base source control.
I suspect you can file an RFE via bugs.opensolaris.org, sign a
contributor agreement, and contribute the code.
> Basically, I was going to use the audit_syslog plugin for auditd to
> send login/logout information to a remote syslogd host
That part seems ok.
> and then
> parse that output and send it to a snmp trap daemon.
That part doesn't. The audit_syslog(5) man page says this:
| message format              | Unstable                    |
|_____________________________|_____________________________|
| message content             | Unstable                    |
In other words, you can't depend on the format or content of those
messages. If you do, your application may fall apart without warning.
> 3. The creation of a new auditd plugin named
> snmptrap (/on/usr/src/lib/auditd_plugins/snmptrap) which would be loadable
> through /etc/security/audit_control via the same method as audit_syslog.so.
> This plugin would send traps to the traphost defined in the snmpd.conf in
> /etc/. Special traps will be created for start/end operations (login start,
> login out) which will provide the ability to have applications like HP
> OpenView and NetCool to autoclear the SNMP Trap events.
That sounds like a good idea to me. The only problem might be the
stability of the underlying interfaces, but that's something for a
project to work out.
--
James Carlson, KISS Network <[EMAIL PROTECTED]>
Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677