Thanks for the information, I'd definitely be testing audit on 7.0 And great paper! I really enjoyed the read -----Original Message----- From: Robert Watson [mailto:rwatson_at_FreeBSD.org] Sent: May 7, 2008 7:24 PM To: Jonathan Bond-Caron Cc: freebsd-current_at_freebsd.org Subject: Re: Freebsd auditing in 7.0? On Wed, 7 May 2008, Jonathan Bond-Caron wrote: > I recently read this paper: > http://www.trustedbsd.org/20060303-ukuug2006lisa-audit.pdf > > I'm wondering if there are any new features in 7.0 for auditing freebsd and > if audit is included in the base? Changes between audit as shipped in 6.2 and 7.0 are largely incremental -- support for printing audit records as XML, better support for emulation environments such as 32-bit binaryes on 64-bit systems, Linux-emulated binaries, improved IPv6 support, etc. > I've been using syslog-ng on 6.2 for some time but audit looks more rigorous > to track system events & changes. Are there auditing options in 7.0 that > allow sending logs to a central server over SSL? Or any recommendations > other then syslog-ng? > > The goal is track more system events & centralize the log files at a central > server. Last year we had a GSoC project looking at distributed auditing, but I'm not sure there was a usable end result (perhaps someone else can point us at it if so). I'm aware of one on-going project looking at SSL-enabled distributed log parts, but I'm not sure if the author is willing to turn himself in as-yet. Perhaps soon :-). I would certainly anticipate that this is a feature we will ship in the future, but any dates would be hand-waving at this point, unfortunately. Robert N M Watson Computer Laboratory University of CambridgeReceived on Thu May 08 2008 - 11:08:09 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:30 UTC