Re: Repository of audit events

Wednesday, 9 April 2014

To the best of my knowledge there is no way to generate every record
type.  I did send sgrubb the beginnings of me trying to write a suite of
programs to exercise some of them for hopeful eventual inclusion in the
auparse checker tool...

I really think such a thing would be useful...

On Wed, 2014-04-09 at 16:25 +1000, Burn Alting wrote:
...
 All,

 Does there exist a repository of audit events that could be used to test
 changes to the audit parsing code?

 Although turning on 

 -a always,exit -F arch=b32 -S all
 and
 -a always,exit -F arch=b64 -S all

 for a while does tend to generate a lot of audit, but it's clearly not
 exhaustive so I am hoping we have some repositories that are shareable
 and one can test against.

 Rgds

 --
 Linux-audit mailing list
 Linux-audit(a)redhat.com
 https://www.redhat.com/mailman/listinfo/linux-audit 

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: Repository of audit events