Enabling au_to_socket_ex for openbsm network events
Rahul Gopi
rahul_gopi at hotmail.com
Mon Nov 18 08:10:41 UTC 2019
Hi,
Is there any way to enable au_to_socket_ex via audit_control configuration? I am looking to get the five-tuple for network connections via the auditd log.
From the documentation I found the following, but I am not sure how to enable this in auditd / openbsm:
- Interfaces to convert between local and BSM socket types and protocol
families have been added: au_bsm_to_domain(3), au_bsm_to_socket_type(3),
au_domain_to_bsm(3), and au_socket_type_to_bsm(3), along with definitions
of constants in audit_domain.h and audit_socket_type.h
Greatly appreciate any help.
Regards
Rahul