> On Apr 8, 2014, at 11:25 PM, Burn Alting <burn(a)swtf.dyndns.org> wrote:
> All,
> Does there exist a repository of audit events that could be used to test
> changes to the audit parsing code?
> Although turning on
>     -a always,exit -F arch=b32 -S all
> and
>     -a always,exit -F arch=b64 -S all
> for a while does tend to generate a lot of audit, but it's clearly not
> exhaustive so I am hoping we have some repositories that are shareable
> and one can test against.
If anyone has links, please share with the lists. I would appreciate the data sources as
well.
I’ve started adding Linux audit analysis to my Mac-based tools, and more data for testing
is always appreciated.
Todd
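The kind of parsing code the thread is talking about, as an added example that is not from the list archive or from either poster's tools: a small Python parser for the auditd text format (`type=... msg=audit(timestamp:serial): key=value ...`) that groups the records sharing one serial into a single event and decodes the hex-encoded strings auditd emits for values containing spaces or unsafe bytes. The log lines below are constructed for the example, not captured data; the set of fields treated as strings for hex decoding is an assumption of the example, chosen so that numeric hex such as `arch=c000003e` or pointer arguments in SYSCALL records is left untouched.

```python
import re
from collections import OrderedDict

# Constructed sample log (not real captured data): an execve event spread
# across the record types auditd writes for it, plus a second event and a
# stray non-audit line to show grouping by serial and tolerance of noise.
# a1 in the EXECVE record is hex because "/tmp/my file" contains a space.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1397000000.123:456): arch=c000003e syscall=59 success=yes exit=0 a0=7ffd1c2e3f40 a1=7ffd1c2e3f50 a2=7ffd1c2e3f60 a3=0 items=2 ppid=1000 pid=1001 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=1 comm="ls" exe="/bin/ls" key="exec"
type=EXECVE msg=audit(1397000000.123:456): argc=2 a0="ls" a1=2F746D702F6D792066696C65
type=CWD msg=audit(1397000000.123:456):  cwd="/home/user"
type=PATH msg=audit(1397000000.123:456): item=0 name="/bin/ls" inode=12345 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1397000000.123:456): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=6789 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=EOE msg=audit(1397000000.123:456):
this line is not an audit record and must be skipped
type=SYSCALL msg=audit(1397000001.500:457): arch=c000003e syscall=2 success=no exit=-13 a0=7ffd1c2e4000 a1=0 a2=0 a3=0 items=1 ppid=1000 pid=1002 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=1 comm="cat" exe="/bin/cat" key=(null)
type=EOE msg=audit(1397000001.500:457):
"""

HEADER_RE = re.compile(
    r'^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$')
# A value is either a double-quoted string or a run of non-space characters.
FIELD_RE = re.compile(r'(?P<key>[A-Za-z0-9_]+)=(?P<val>"[^"]*"|\S*)')
# auditd writes hex-encoded strings unquoted, as uppercase hex pairs.
HEX_RE = re.compile(r'^(?:[0-9A-F]{2})+$')
# Assumption for this example: only these fields (plus a<N> in EXECVE records)
# carry strings that may be hex-encoded; everything else is left as-is.
STRING_FIELDS = {"name", "comm", "exe", "proctitle", "cwd", "key"}


def decode_value(rtype, key, raw):
    """Strip quotes from quoted values and hex-decode encoded string fields."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    is_string = key in STRING_FIELDS or (rtype == "EXECVE" and re.fullmatch(r'a\d+', key))
    if is_string and HEX_RE.match(raw):
        return bytes.fromhex(raw).decode("utf-8", errors="replace")
    return raw


def parse_record(line):
    """Parse one audit line; return None for lines that are not audit records."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rtype = m.group("type")
    fields = OrderedDict()
    for fm in FIELD_RE.finditer(m.group("body")):
        fields[fm.group("key")] = decode_value(rtype, fm.group("key"), fm.group("val"))
    return {"type": rtype, "timestamp": float(m.group("ts")),
            "serial": int(m.group("serial")), "fields": fields}


def parse_audit_log(text):
    """Group records by serial number into events, preserving record order."""
    events = OrderedDict()
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        ev = events.setdefault(rec["serial"], {"timestamp": rec["timestamp"], "records": []})
        ev["records"].append(rec)
    return events


def records_of(event, rtype):
    return [r for r in event["records"] if r["type"] == rtype]


def execve_argv(event):
    """Rebuild argv from the EXECVE record's argc/a0..aN fields, or None."""
    ex = records_of(event, "EXECVE")
    if not ex:
        return None
    f = ex[0]["fields"]
    return [f["a%d" % i] for i in range(int(f["argc"]))]


if __name__ == "__main__":
    for serial, ev in parse_audit_log(SAMPLE_LOG).items():
        sc = records_of(ev, "SYSCALL")[0]["fields"]
        print(serial, ev["timestamp"], "syscall=%s comm=%s argv=%s"
              % (sc["syscall"], sc["comm"], execve_argv(ev)))
```

A corpus for testing a parser should deliberately include the cases this example exercises: hex-encoded arguments and paths, `key=(null)`, failed syscalls with negative exit values, and non-record noise between lines. Records whose body is itself a quoted `msg='...'` string (the USER_* family) need a second parsing stage that this example does not attempt.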