bsmtrace

Documentation?

Open rhclayto opened this issue 6 years ago • 3 comments

Hi,

Is there any documentation for this? Google doesn't turn up much.

For instance, I run bsmtrace with a finite state machine matching logins. What does it do when it matches an event? Does it output information, notices, etc.? When I run it in foreground mode, I see the event was matched & it gives some information about it (auid, duration, priority, etc.). But how do I use this? Maybe pipe it to logger to send it into syslog? Is there some built in logging or notification functionality in bsmtrace? In other words, how do I use this to monitor the events it matches?

Edit: I found this: https://people.freebsd.org/~csjp/bsmtrace/bsmtrace.txt

Looks somewhat outdated.

Is there any way to set the output fields, format, etc?

rhclayto avatar Dec 16 '18 06:12 rhclayto

Sure we can help you out with this. Which OS are you running on?

csjayp avatar Dec 26 '18 03:12 csjayp

@csjayp How can I convince bsmtrace to send notifications to syslog? (I can't use the `trigger "/usr/bin/logger …"` workaround because privileged user commands are monitored, too, so this would cause an infinite loop.) This is FreeBSD, if it matters.

kai-burghardt avatar Nov 11 '23 00:11 kai-burghardt