laurel2audit(8) – transform Laurel logs back to the original Linux Audit format

Authors

       • Hilko Bengen <bengen@hilluzination.de>

laurel 0.7.1 laurel2audit(8)

Bugs

       • URL-encoded single bytes within strings are not yet handled.

       • Possibly more.

Name

laurel2audit(8) – transform Laurel logs back to the original Linux Audit format

Notes

       “Enriched” (i.e. ALL_CAPS) keys in audit records are discarded.

       EXECVE records are output on one, possibly very long, line.

       If laurel has transformed EXECVE argument lists to single strings (ARGV_STR), that transformation may
       have been lossy: there is no way to discern space characters that separate arguments from space
       characters that are part of an individual argument.

       An end-of-event (EOE) marker is output for every event. This marker is not part of the original
       audit.log file, but it is originally transmitted by the kernel and is passed by auditd(8) to
       plugins.

See Also

laurel(8), aulast(8), aulastlog(8), aureport(8), ausearch(8), ausyscall(8), auvirt(8)

Synopsis

       This is a simple filter that reads logs written by laurel(8) and outputs Linux Audit logs that the audit
       tools and laurel itself should be able to digest.
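       The following is an added illustration of the transformation this page and its Notes describe; it is not
       laurel2audit's own code. It assumes the Laurel JSON layout shown in the constructed sample (an "ID" field
       holding "timestamp:serial", one top-level key per record type, lists for multi-record types such as PATH),
       drops enriched ALL_CAPS keys, writes each EXECVE record on one line (splitting ARGV_STR lossily), appends
       the EOE marker, and uses a simplified version of auditd's quoting/hex-encoding rule for untrusted fields.

```python
import json
import re

# Constructed sample in the Laurel JSON shape (assumed layout: "ID" carries the
# audit "timestamp:serial"; every other top-level key is a record type whose
# value is a field map, or a list of maps for multi-record types such as PATH).
SAMPLE_LINE = json.dumps({
    "ID": "1615225617.199:1140",
    "SYSCALL": {"arch": "c000003e", "syscall": 59, "success": "yes", "exit": 0,
                "pid": 7, "ppid": 1, "uid": 0, "SYSCALL": "execve", "UID": "root"},
    "EXECVE": {"argc": 2, "ARGV_STR": "/bin/echo hello world"},
    "CWD": {"cwd": "/"},
    "PATH": [{"item": 0, "name": "/bin/echo", "mode": "0100755"}],
})

# Simplified list of fields auditd treats as untrusted strings: they are quoted,
# or hex-encoded when they contain spaces, quotes or non-printable bytes.
UNTRUSTED = re.compile(r"^(a\d+|exe|comm|name|cwd|key|proctitle)$")

def fmt(key, value):
    if not isinstance(value, str) or not UNTRUSTED.match(key):
        return f"{key}={value}"
    if all(32 < ord(c) < 127 and c != '"' for c in value):
        return f'{key}="{value}"'
    return f"{key}={value.encode().hex().upper()}"

def record_pairs(rtype, fields):
    """Keep plain fields (enriched ALL_CAPS keys are dropped); for EXECVE
    rebuild a0..aN from ARGV or, lossily, from ARGV_STR."""
    pairs = [(k, v) for k, v in fields.items() if not k.isupper()]
    if rtype == "EXECVE":
        # A space inside one argument cannot be told apart from the gap between
        # two arguments, so the split may produce more aN fields than argc says.
        argv = fields["ARGV"] if "ARGV" in fields else fields["ARGV_STR"].split(" ")
        pairs += [(f"a{i}", arg) for i, arg in enumerate(argv)]
    return pairs

def laurel_to_audit(line):
    """Turn one Laurel JSON line into audit.log records, one per line, followed
    by the EOE marker auditd passes to plugins."""
    event = json.loads(line)
    event_id = event["ID"]
    out = []
    for rtype, value in event.items():
        if rtype == "ID":
            continue
        for fields in (value if isinstance(value, list) else [value]):
            body = " ".join(fmt(k, v) for k, v in record_pairs(rtype, fields))
            out.append(f"type={rtype} msg=audit({event_id}): {body}")
    out.append(f"type=EOE msg=audit({event_id}): ")
    return out
```

       On the constructed event, the EXECVE line comes out as argc=2 followed by three aN fields, which is
       exactly the ARGV_STR loss the Notes warn about.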