On Jun 29, 2011, at 5:59 AM, Lev Serebryakov wrote: > Hello, Freebsd-security. >=20 > I'm trying to use audit, and has some problems. First one is > impossiblity to create custom event class, and second one I hit is > with auditreduce(1) >=20 > auditreduce doesn't filter events by date (-b/-a/-d options with any > arguments produces empty output), it doesn't merge files properly and > doesn't pick up files automagically, as Solaris' one does. It doesn't > have -C/-M/-O functionality of Solaris' one, too. So, proper merging > of audit trial files seems to be impossible :( >=20 > I could try to fix & extend auditreduce(1), but does somebdy but me > need it? >=20 > Does somebody use audit on FreeBSD on production systems? FYI, a better place to discuss this would be the trustedbsd-audit = mailing list. There are quite of few people that use OpenBSM in = production on FreeBSD and Mac OS X that hang out on that list usually. Regards, -stacey.= _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"