I'm also working on a project that aims at augmenting the Apache Web Server with Audit capability using BSM. I have written some sample programs to write my own messages to the audit log. But I am unable to trace them. Any help regarding how I can trace data is welcome. And do I need to specify a different audit level if I want to log messages programmatically? Also, do I need root access to log information to the audit log?

Apart from the SUN docs, I can't find more developer resources. If your research yielded any links, I request you to enlighten me.

Thanks,
Sarat.

On Thu, 10 Feb 2005 14:39:56 -0500, Michael C. Johnson <mcj4321@xxxxxxxxxxx> wrote:
> Currently I have 'All' set for both 'flags' and 'naflags' because I'm not
> seeing a single event when I conduct an http session to the server. I also
> have all 'policies' turned on. If I open a browser to conduct a session to
> a different server, I do see the browser activity. I know BSM doesn't have
> any specific classes for the httpd like it does for the ftpd, but figured
> I'd at least see the file access during a session. I haven't modified the
> BSM classes or events. I definitely see ftp and telnet activity. I
> definitely see the network activity with ethereal.
>
> Do I need to set up custom classes and events? If so, is there a paper or
> some documentation that I can reference? I've gone through the SunSHIELD
> BSM Guide and the SUN technical bulletin on BSM from '93 along with every
> other BSM paper I've been able to find.
>
> Regards,
> Mike
>
> ----- Original Message -----
> From: "wnorth" <wnorth@xxxxxxxxxxx>
> To: <users@xxxxxxxxxxxxxxxx>
> Sent: Thursday, February 10, 2005 1:47 PM
> Subject: RE: [users@httpd] Why can't Solaris BSM see Apache?
>
> > What audit flags are set? Additionally you need to make sure you have
> > enabled the correct audit facilities within the BSM, it should capture any
> > daemon activity simply using the kernel auditing, but there are ancillary
> > events that may capture that. Also, if you have everything enabled what
> > are you trying to capture? Read requests for apache? If so you'd need the
> > -r switch to capture file read requests...but that will flood your log
> > files and make them absolutely huge.
> >
> > -Wes
> >
> > -----Original Message-----
> > From: Michael C. Johnson [mailto:mcj4321@xxxxxxxxxxx]
> > Sent: Wednesday, February 09, 2005 8:03 AM
> > To: users@xxxxxxxxxxxxxxxx
> > Subject: [users@httpd] Why can't Solaris BSM see Apache?
> >
> > All,
> >
> > I am trying to catch Apache Server activity with Solaris BSM. I have
> > configured BSM pretty wide open, but see nothing in my BSM logs when I
> > conduct an http session with the Apache Server. I clearly see ftp and
> > telnet sessions in the BSM logs. Any experience or ideas?
> >
> > Sincerely,
> > Mike Johnson
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx