Documentation? #18

Open
rhclayto opened this issue Dec 16, 2018 · 2 comments

@rhclayto
rhclayto commented Dec 16, 2018

Hi,

Is there any documentation for this? Google doesn't turn up much.

For instance, I run bsmtrace with a finite state machine matching logins. What does it do when it matches an event? Does it output information, notices, etc.? When I run it in foreground mode, I see the event was matched & it gives some information about it (auid, duration, priority, etc.). But how do I use this? Maybe pipe it to logger to send it into syslog? Is there some built in logging or notification functionality in bsmtrace? In other words, how do I use this to monitor the events it matches?

Edit:
I found this: https://people.freebsd.org/~csjp/bsmtrace/bsmtrace.txt

Looks somewhat outdated.

Is there any way to set the output fields, format, etc?

@csjayp
Member

csjayp commented Dec 26, 2018

Sure we can help you out with this. Which OS are you running on?

@kai-burghardt
@csjayp How can I convince bsmtrace of sending notifications to syslog? (I can’t use the trigger "/usr/bin/logger …" workaround because privileged user commands are monitored, too, so this would cause an infinite loop.) This is FreeBSD if it matters.
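The feedback loop described in the comment above, modelled as an added example that is not part of this issue and not bsmtrace's own code: a matcher that reports by spawning `/usr/bin/logger` produces a new exec audit record, which matches again, and so on; reporting through `syslog(3)` in-process spawns nothing and therefore generates no new audited exec. The event names `AUE_openssh` and `AUE_EXECVE` are real BSM event identifiers, but the watched-event set, the record layout and the `run_monitor`/`exec_logger_action`/`make_inprocess_action` names are assumptions made for the illustration, not bsmtrace configuration.

```python
"""Audit-event forwarding without a feedback loop (added example, not bsmtrace code).

Models the situation from the thread: when a matched audit event is reported
by exec'ing /usr/bin/logger, that exec is itself an audited event for a
privileged user, so it matches again and the monitor chases its own tail.
Reporting via syslog(3) in-process spawns no child, so no new exec record
appears and the queue drains.
"""
from collections import deque
from dataclasses import dataclass
import syslog

# Constructed values for the simulation.
MONITOR_PID = 4242          # pid of our hypothetical monitor process
MONITOR_AUID = 0            # it runs as root, whose commands are audited
WATCHED_EVENTS = {"AUE_openssh", "AUE_EXECVE"}   # assumed rule: logins and execs


@dataclass(frozen=True)
class AuditRecord:
    """Minimal stand-in for a BSM record: event name, audit uid, pid, exec path."""
    event: str
    auid: int
    pid: int
    path: str = ""


def matches(rec: AuditRecord) -> bool:
    """Assumed rule: any watched event is a hit."""
    return rec.event in WATCHED_EVENTS


def format_report(rec: AuditRecord) -> str:
    """One-line report in the spirit of bsmtrace's foreground output (format assumed)."""
    return f"match event={rec.event} auid={rec.auid} pid={rec.pid} path={rec.path or '-'}"


def exec_logger_action(rec: AuditRecord, queue: deque, child_pid: list) -> str:
    """Report by spawning /usr/bin/logger (simulated).

    Spawning a process as root is itself audited, so the action pushes the
    AUE_EXECVE record the kernel would emit back onto the monitor's queue.
    """
    child_pid[0] += 1
    queue.append(AuditRecord("AUE_EXECVE", MONITOR_AUID, child_pid[0], "/usr/bin/logger"))
    return format_report(rec)


def make_inprocess_action(sink=syslog.syslog):
    """Report through syslog(3) from inside the monitor: no fork, no exec,
    hence no new audit record. `sink` defaults to the real syslog call and can
    be replaced (e.g. with a list's append) for testing."""
    def action(rec: AuditRecord, queue: deque, child_pid: list) -> str:
        line = format_report(rec)
        sink(line)
        return line
    return action


def run_monitor(initial, action, limit: int = 50):
    """Drain an audit queue, applying `action` to every match.

    Returns (reports, looped): the report lines emitted and whether the
    iteration limit was hit with records still pending, i.e. a runaway loop.
    """
    queue = deque(initial)
    child_pid = [MONITOR_PID]
    reports = []
    steps = 0
    while queue and steps < limit:
        steps += 1
        rec = queue.popleft()
        if matches(rec):
            reports.append(action(rec, queue, child_pid))
    return reports, bool(queue)


# Constructed input: a single ssh login by a non-privileged audit uid.
SAMPLE_LOGIN = [AuditRecord("AUE_openssh", auid=1001, pid=9001)]


def compare() -> dict:
    """Run both strategies on the same login and summarise the outcome."""
    naive, naive_looped = run_monitor(SAMPLE_LOGIN, exec_logger_action)
    captured = []
    safe, safe_looped = run_monitor(SAMPLE_LOGIN, make_inprocess_action(captured.append))
    return {
        "exec_logger": {"reports": len(naive), "looped": naive_looped},
        "inprocess_syslog": {"reports": len(safe), "looped": safe_looped,
                             "lines": captured},
    }


if __name__ == "__main__":
    for strategy, result in compare().items():
        print(strategy, result)
```

With the exec strategy the run stops only because of the iteration limit, and every report after the first describes the monitor's own `logger` child rather than a login; with the in-process strategy exactly one line reaches syslog. The same reasoning applies to any trigger that forks a process while execs by the monitor's user are being audited.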
