lists_todd(a)mac.com wrote:
I’m writing my own parsing code to add Linux analysis to my Mac-based BSM audit analysis tools, so I might be asking some “out of left field” questions from time to time. I’ve been working my way through decoding things like the sockaddr hex blob.
Out of curiosity, why don't you use auparse to write your BSM
reformatter? I used it to reformat audit events into IDMEF events. It's
used for the zos log aggregator. We will likely be needing to make changes
soon and it would insulate you from those kinds of issues.
-Steve
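Decoding the sockaddr hex blob Todd mentions, as an added example that is not code from the thread, from auparse, or from either author. It assumes the standard Linux struct sockaddr layout (host-order sa_family, network-order port) and a constructed SOCKADDR record line:

```python
import socket
import struct

# Linux audit "saddr=" values are the raw struct sockaddr bytes, hex-encoded.
# sa_family is a host-order u16 (little-endian on x86/ARM); ports are network order.
AF_UNIX, AF_INET, AF_INET6 = 1, 2, 10

def decode_saddr(hexblob: str) -> dict:
    """Decode one saddr= value into a family-specific dict."""
    raw = bytes.fromhex(hexblob)
    if len(raw) < 2:
        raise ValueError("saddr too short to hold sa_family")
    family = struct.unpack("<H", raw[:2])[0]
    if family == AF_INET:
        if len(raw) < 8:
            raise ValueError("truncated sockaddr_in")
        port = struct.unpack("!H", raw[2:4])[0]
        return {"family": "inet", "addr": socket.inet_ntop(socket.AF_INET, raw[4:8]), "port": port}
    if family == AF_INET6:
        if len(raw) < 28:
            raise ValueError("truncated sockaddr_in6")
        port = struct.unpack("!H", raw[2:4])[0]
        flowinfo = struct.unpack("!I", raw[4:8])[0]
        addr = socket.inet_ntop(socket.AF_INET6, raw[8:24])
        scope_id = struct.unpack("<I", raw[24:28])[0]   # host order, like sa_family
        return {"family": "inet6", "addr": addr, "port": port, "flowinfo": flowinfo, "scope_id": scope_id}
    if family == AF_UNIX:
        sun_path = raw[2:]
        abstract = sun_path.startswith(b"\0")          # abstract sockets begin with a NUL byte
        path = sun_path[1:] if abstract else sun_path.split(b"\0", 1)[0]
        return {"family": "unix", "path": path.rstrip(b"\0").decode(errors="replace"), "abstract": abstract}
    # Unknown family: keep the raw value so nothing is silently lost.
    return {"family": family, "raw": hexblob}

def saddr_from_record(line: str) -> dict:
    """Pull the saddr= field out of an audit SOCKADDR record and decode it."""
    for token in line.split():
        if token.startswith("saddr="):
            return decode_saddr(token[len("saddr="):])
    raise ValueError("no saddr= field in record")

# Constructed sample record (not from a real system): IPv4, 192.168.0.1 port 53.
SAMPLE_RECORD = "type=SOCKADDR msg=audit(1700000000.000:42): saddr=02000035C0A800010000000000000000"

if __name__ == "__main__":
    print(saddr_from_record(SAMPLE_RECORD))
```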