[METRON-393] Create a parser for Linux Audit (auditd) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: To Do
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Labels:
- ParserExtension
- platform

Description

Creating a parser for the Linux Audit system (auditd) which provides a way to track security-relevant information on a system. Based on pre-configured rules, Audit generates log entries to record as much information about the events that are happening on a system as possible.

Full description of the log format:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sec-Understanding_Audit_Log_Files.html
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sec-Audit_Record_Types.html

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Yohann

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 25/Aug/16 12:05

Updated:: 25/Aug/16 12:05