
IPv4 & IPv6 connections - Parsing/Logging Format Conundrum

Open softwcoder opened this issue 1 year ago • 1 comment

Hello,

Just wanted to take a moment to appreciate and thank you for this wonderful work, as the audit.rules here is the one we used as a reference to adapt and create an auditing baseline for auditing our Linux fleet of machines in order to achieve the goal of logging for further SIEM analysis. This has been incredibly useful for us so far in the testing phase.

However, I have observed that the logging of ipv4 & ipv6 connections is in a format which isn't human readable and needs some parsing, as I understand. Pardon my ignorance if I'm wrong here.

Could you please help me understand how to parse those, or change the audit config in such a way to help us log it in a "dotted-decimal" format for easy analysis?

Regards, Abel

softwcoder avatar Sep 30 '24 18:09 softwcoder
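The format the issue describes is the `saddr=` field of auditd `SOCKADDR` records: a hex dump of the raw `struct sockaddr` passed to the syscall, so the family, port and address have to be unpacked before the address reads as dotted-decimal (or colon-hex for IPv6). `ausearch -i` does this interpretation for interactive review; a SIEM pipeline that ships raw `audit.log` lines needs its own decoder. The following is an added example, not code from this issue thread or from the audit.rules project. It assumes a little-endian host (x86-64, aarch64), so `sa_family` is read little-endian while the port fields are network byte order, and the sample log lines are constructed for the demonstration rather than captured from a real system.

```python
import ipaddress
import re
import struct

# Address families as numbered by the Linux kernel (sys/socket.h).
AF_UNIX, AF_INET, AF_INET6 = 1, 2, 10

# Matches the saddr= field of a SOCKADDR record in a raw audit.log line.
SADDR_RE = re.compile(r"\bsaddr=([0-9A-Fa-f]+)")


def parse_saddr(hexstr: str) -> dict:
    """Decode the hex-encoded struct sockaddr that auditd writes as saddr=.

    Assumption: little-endian host, so sa_family is unpacked as "<H";
    sin_port / sin6_port are always network (big-endian) byte order.
    """
    raw = bytes.fromhex(hexstr)
    if len(raw) < 2:
        raise ValueError("saddr too short to contain sa_family")
    family = struct.unpack_from("<H", raw, 0)[0]

    if family == AF_INET:
        # struct sockaddr_in: family(2) port(2) addr(4) zero-padding(8)
        if len(raw) < 8:
            raise ValueError("truncated sockaddr_in")
        port = struct.unpack_from("!H", raw, 2)[0]
        addr = ipaddress.IPv4Address(raw[4:8])
        return {"family": "inet", "addr": str(addr), "port": port}

    if family == AF_INET6:
        # struct sockaddr_in6: family(2) port(2) flowinfo(4) addr(16) scope_id(4)
        if len(raw) < 24:
            raise ValueError("truncated sockaddr_in6")
        port = struct.unpack_from("!H", raw, 2)[0]
        addr = ipaddress.IPv6Address(raw[8:24])
        return {"family": "inet6", "addr": str(addr), "port": port}

    if family == AF_UNIX:
        # struct sockaddr_un: family(2) followed by a NUL-terminated path
        path = raw[2:].split(b"\x00", 1)[0].decode("utf-8", errors="replace")
        return {"family": "unix", "path": path}

    # Other families (netlink, packet, ...) are passed through undecoded.
    return {"family": f"unknown({family})", "raw": hexstr}


def enrich_record(line: str):
    """Return the decoded saddr for one audit line, or None if it has none."""
    m = SADDR_RE.search(line)
    if not m:
        return None
    return parse_saddr(m.group(1))


# Constructed sample lines in audit.log shape (hypothetical timestamps/serials).
SAMPLE_LINES = [
    # AF_INET, 10.0.0.5 port 443: family 0200, port 01BB, addr 0A000005, 8 bytes pad
    "type=SOCKADDR msg=audit(1727718000.123:4567): saddr="
    "0200" "01BB" "0A000005" "0000000000000000",
    # AF_INET6, 2001:db8::1 port 53: family 0A00, port 0035, flowinfo, addr, scope_id
    "type=SOCKADDR msg=audit(1727718000.124:4568): saddr="
    "0A00" "0035" "00000000"
    "20010DB8" "0000" "0000" "0000" "0000" "0000" "0001"
    "00000000",
    # AF_UNIX, path /run/ex.sock followed by a NUL terminator
    "type=SOCKADDR msg=audit(1727718000.125:4569): saddr="
    "0100" "2F72756E2F65782E736F636B" "00",
    # A record with no socket address at all
    'type=CWD msg=audit(1727718000.125:4569): cwd="/"',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(enrich_record(line))
```

Each decoded dictionary can be attached to the event as extra fields before forwarding; keeping the `family` key lets a detection rule distinguish network connects from local Unix-socket traffic without re-parsing the hex.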

Please post your involved audit.rules and an example of what you get and what you expect

Pierre-Gronau-ndaal avatar Oct 09 '24 11:10 Pierre-Gronau-ndaal