Posted to issues@metron.apache.org by "Yohann (JIRA)" <ji...@apache.org> on 2016/08/25 12:06:20 UTC

[jira] [Created] (METRON-393) Create a parser for Linux Audit (auditd)

Yohann created METRON-393:
-----------------------------

             Summary: Create a parser for Linux Audit (auditd)
                 Key: METRON-393
                 URL: https://issues.apache.org/jira/browse/METRON-393
             Project: Metron
          Issue Type: New Feature
            Reporter: Yohann


Create a parser for the Linux Audit system (auditd), which provides a way to track security-relevant information on a system. Based on pre-configured rules, Audit generates log entries to record as much information about the events that are happening on a system as possible.

Full description of the log format:
- https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sec-Understanding_Audit_Log_Files.html
- https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sec-Audit_Record_Types.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
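
An added example, not part of the original issue and not Metron's parser: Python that turns audit.log lines in the layout described by the linked Red Hat documentation into flat key/value records. The function names, the set of hex-decoded fields and the sample lines are assumptions constructed for illustration.

```python
import re

# Every auditd record starts: type=<TYPE> msg=audit(<epoch>.<millis>:<serial>):
HEADER = re.compile(r"type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\):\s*(.*)")
# key=value pairs; a value is single-quoted, double-quoted, or a bare token
PAIR = re.compile(r"([\w-]+)=('[^']*'|\"[^\"]*\"|\S*)")
# Assumption: string fields auditd hex-encodes when they hold spaces or
# unprintable bytes. Only these are decoded; a0..a3 etc. are hex numbers.
ENCODED = {"comm", "exe", "cwd", "name", "proctitle", "cmd"}

def parse_fields(body):
    fields = {}
    for key, raw in PAIR.findall(body):
        if raw[:1] == "'":
            # USER_* records nest a second key=value list inside msg='...'
            fields.update(parse_fields(raw[1:-1]))
        elif raw[:1] == '"':
            fields[key] = raw[1:-1]
        elif key in ENCODED:
            try:  # unquoted string field: hex-encoded, NUL separates argv
                data = bytes.fromhex(raw).replace(b"\x00", b" ")
                fields[key] = data.decode("utf-8", "replace")
            except ValueError:
                fields[key] = raw  # not hex, e.g. (null)
        else:
            fields[key] = raw
    return fields

def parse_record(line):
    """Return a flat dict for one audit.log line, or None if it is not one."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    rtype, sec, millis, serial, body = m.groups()
    record = {"type": rtype, "serial": int(serial), "timestamp": int(sec) * 1000 + int(millis)}
    record.update(parse_fields(body))
    return record

# Constructed sample lines in the audit.log layout (not real events)
SYSCALL = ('type=SYSCALL msg=audit(1472126780.123:4711): arch=c000003e syscall=2 '
           'success=no exit=-13 a0=7ffd5c1e pid=3538 uid=500 comm="cat" exe="/bin/cat"')
USER_AUTH = ("type=USER_AUTH msg=audit(1472126781.456:4712): pid=2290 uid=0 msg='op=PAM:"
             "authentication acct=\"root\" exe=\"/usr/sbin/sshd\" addr=192.0.2.10 res=failed'")
PROCTITLE = ('type=PROCTITLE msg=audit(1472126780.123:4711): '
             'proctitle=636174002F6574632F7373682F737368645F636F6E666967')

if __name__ == "__main__":
    for line in (SYSCALL, USER_AUTH, PROCTITLE):
        print(parse_record(line))
```

Records that share a timestamp and serial (here the SYSCALL and PROCTITLE lines) belong to one event, so a downstream consumer can join them on that pair.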