Posted to issues@metron.apache.org by "Yohann (JIRA)" <ji...@apache.org> on 2016/08/25 12:06:20 UTC
[jira] [Created] (METRON-393) Create a parser for Linux Audit (auditd)
Yohann created METRON-393:
-----------------------------
Summary: Create a parser for Linux Audit (auditd)
Key: METRON-393
URL: https://issues.apache.org/jira/browse/METRON-393
Project: Metron
Issue Type: New Feature
Reporter: Yohann
Create a parser for the Linux Audit system (auditd), which provides a way to track security-relevant information on a system. Based on pre-configured rules, Audit generates log entries to record as much information about the events that are happening on a system as possible.
Full description of the log format:
- https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sec-Understanding_Audit_Log_Files.html
- https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sec-Audit_Record_Types.html
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
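
As an added illustration (not part of the original issue and not Metron code), the Python below parses audit.log lines in the `type=... msg=audit(epoch.ms:serial):` layout described in the linked Red Hat guide, decodes hex-encoded values, and groups records by event serial. The function names, the set of hex-decoded fields, and the sample lines are assumptions constructed for this example.

```python
import re
from datetime import datetime, timezone

# Every record starts: type=<TYPE> msg=audit(<epoch>.<ms>:<serial>):
HEADER = re.compile(
    r"^type=(?P<type>\S+) msg=audit\((?P<epoch>\d+)\.(?P<ms>\d{3}):(?P<serial>\d+)\):\s*(?P<body>.*)$")
# A value is double-quoted, single-quoted (user-space msg='...'), or a bare token.
PAIR = re.compile(r"""(\w+)=("[^"]*"|'[^']*'|\S*)""")
# Assumption: these fields are hex-encoded when unquoted; proctitle joins argv with NULs.
HEX_FIELDS = {"comm", "exe", "name", "cwd", "proctitle"}

def _decode(key, raw):
    if raw.startswith('"'):
        return raw[1:-1]
    if key in HEX_FIELDS and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", raw):
        return bytes.fromhex(raw).replace(b"\x00", b" ").decode("utf-8", "replace")
    return raw

def parse_record(line):
    # Returns a dict for one audit.log line, or None when the header is malformed.
    m = HEADER.match(line.strip())
    if not m:
        return None
    fields = {}
    for key, raw in PAIR.findall(m["body"]):
        if raw.startswith("'"):  # flatten the nested key=value list
            fields.update((k, _decode(k, v)) for k, v in PAIR.findall(raw[1:-1]))
        else:
            fields[key] = _decode(key, raw)
    ts = datetime.fromtimestamp(int(m["epoch"]), timezone.utc)
    ts = ts.replace(microsecond=int(m["ms"]) * 1000)
    return {"type": m["type"], "timestamp": ts.isoformat(),
            "serial": int(m["serial"]), "fields": fields}

def group_events(lines):
    # One audited event spans several records that share a serial number.
    events = {}
    for rec in filter(None, map(parse_record, lines)):
        events.setdefault(rec["serial"], []).append(rec)
    return events

# Constructed sample lines in the documented format (not taken from a real host).
SAMPLE = [
    'type=SYSCALL msg=audit(1364481363.243:24287): arch=c000003e syscall=2 success=no exit=-13 '
    'auid=500 uid=500 comm="cat" exe="/bin/cat" key="sshd_config"',
    'type=PATH msg=audit(1364481363.243:24287): item=0 name="/etc/ssh/sshd_config" inode=409248',
    'type=PROCTITLE msg=audit(1364481363.243:24287): proctitle=636174002F6574632F7373682F737368645F636F6E666967',
    "type=USER_LOGIN msg=audit(1364481400.001:24290): pid=3600 uid=0 auid=500 "
    "msg='op=login acct=\"shadowman\" addr=192.0.2.10 res=failed'",
    "audit log rotated",  # malformed on purpose: skipped rather than raising
]
```

Grouping by serial matters for enrichment downstream: the SYSCALL record carries the rule key and outcome, while the file path and full command line arrive in the separate PATH and PROCTITLE records of the same event.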