[prev in list] [next in list] [prev in thread] [next in thread]
List: focus-sun
Subject: BSM Audit - system call argument
From: nvk <nvkanaskar () ualr ! edu>
Date: 2007-05-15 16:15:12
Message-ID: 10626021.post () talk ! nabble ! com
[Download RAW message or body]
hello ....
If anybody knows about sun's bsm audit
record format, please help me.
I am not able to understand how an audit
record for system call can have duplicate
token for the same system call argument.
For example -
header,182,2,ioctl(2),,Mon Jun 01 07:56:56 1998, + 788290611 msec
path,/devices/pseudo/cn@0:console
attribute,20620,2122,tty,8388608,11409,0
argument,2,0x7415,cmd
argument,3,0xeffff2b0,arg
argument,2,0x501cd434,strioctl:vnode
subject,2122,root,other,root,other,273,258,0 0 pascal.eyrie.af.mil
return,success,0
trailer,182
Above, token argument 2 is repeated.
I dint find anything in the BSM guide on
sun's site.
I would highly appreciate it if anybody
could throw any light on this.
Regards,
--
View this message in context: \
http://www.nabble.com/BSM-Audit---system-call-argument-tf3759563.html#a10626021 Sent \
from the Security - Sun mailing list archive at Nabble.com.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic