aushape
A library and a tool for converting audit logs to XML and JSON
Hi, I followed the steps in the readme.md file on centos 7. All the installations are done. While running aushape audit.log inside /var/log/audit, I get the following error: "aushape: error...
hi, running "make" gives a lot of errors. env: deb 9. `make all-recursive make[1]: Entering directory '/root/aushape' Making all in include make[2]: Entering directory '/root/aushape/include' Making all in aushape make[3]:...`
The `auparse_normalize` function returns an error for the following piece of audit.log: node=fedora24-dev type=NETFILTER_CFG msg=audit(1517172828.517:495): table=mangle family=10 entries=6 node=fedora24-dev type=SERVICE_STOP msg=audit(1517172829.797:496): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=firewalld comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=?...
Aushape produces garbage as the value of the "vm" field in Docker's VIRT_CONTROL records. Example input: type=VIRT_CONTROL msg=audit(1506334818.325:606): pid=1182 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:container_runtime_t:s0 msg='auid=1000 hostname=c3b752d5eceb vm=centos:7 vm-pid=17252 user=jkarasek exe=sleep reason=api...
Make sure the basic file output supports a format, which can easily be massaged into an Elasticsearch index or bulk API. This would help users try getting their existing audit...
Make parsed "data" output optional to allow session recording setups to only output normalized data (see #56), which might be enough for them.