• Using OSSEC to parse auditd logs

    Posted September 20, 2010 - 8:40 am

    OSSEC can parse and correlate a large number of log formats, but one feature security consultant Josh Lochner found lacking is the ability to parse logs from the auditd daemon. Here he shares a decoder he created to pull information out of the /var/log/audit/audit.log file written by the auditd service.

