
List:       focus-sun
Subject:    BSM Audit - system call argument
From:       nvk <nvkanaskar () ualr ! edu>
Date:       2007-05-15 16:15:12
Message-ID: 10626021.post () talk ! nabble ! com



Hello,

If anybody knows about Sun's BSM audit
record format, please help me.

I am not able to understand how an audit
record for a system call can have a duplicate
token for the same system call argument.
For example:

header,182,2,ioctl(2),,Mon Jun 01 07:56:56 1998, + 788290611 msec
path,/devices/pseudo/cn@0:console
attribute,20620,2122,tty,8388608,11409,0
argument,2,0x7415,cmd
argument,3,0xeffff2b0,arg
argument,2,0x501cd434,strioctl:vnode
subject,2122,root,other,root,other,273,258,0 0 pascal.eyrie.af.mil
return,success,0
trailer,182

Above, the token for argument 2 is repeated.
I didn't find anything in the BSM guide on
Sun's site.

I would highly appreciate it if anybody
could throw any light on this.

Regards,
-- 
View this message in context:
http://www.nabble.com/BSM-Audit---system-call-argument-tf3759563.html#a10626021
Sent from the Security - Sun mailing list archive at Nabble.com.

