BSMTRACE(1) FreeBSD General Commands Manual BSMTRACE(1)

NAME
bsmtrace - host-based IDS based on OpenBSM

SYNOPSIS
bsmtrace [-bdFhv] [-a trail] [-f config_file] [-p pid_file]

DESCRIPTION
BSMtrace is a utility that processes audit trails, or real-time audit feeds provided by audit pipes. It loads a set of finite state machines, or sequences, from the supplied configuration file and watches the audit streams for instances of these sequences. For more information, the example bsmtrace.conf file should be reviewed.

It operates by reading a configuration file that lists sequences which should result in actions. The default configuration file is /etc/bsmtrace.conf. BSM records are taken from /dev/auditpipe and run through a finite state machine which attempts to match a stream of records to defined sequences.

The options are as follows:

-a trail
        Audit trail to be examined.
-b      Dump the last BSM record which results in a sequence match to stdout.
-d      Print debugging messages.
-f config_file
        Location of config file.
-F      Run program in foreground.
-h      Print this help message.
-p pid_file
        Location of pid file.
-v      Print version and exit.
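To make the description above concrete, the following added example (not bsmtrace's code, and not its bsmtrace.conf syntax, which it does not attempt to reproduce) shows the idea of running a stream of audit records through per-subject finite state machines and reporting when a defined sequence completes. The Record fields, the rule representation, the window semantics and the sample records are all assumptions constructed for the illustration; the event names are chosen to resemble BSM event names but the records are not real praudit output.

```python
"""Toy sequence matcher over an audit-record stream (added illustration).

Not bsmtrace's implementation or configuration format. Each Sequence is an
ordered list of predicates; one state-machine instance is kept per
(sequence, subject) pair, advancing when a record satisfies the next step
and resetting when the sequence is not completed within `window` records.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass
class Record:
    seq: int          # position in the stream (stands in for a record id)
    event: str        # event name, e.g. AUE_execve (constructed values)
    subject: str      # audit user the record is attributed to
    status: str       # "success" or "failure"
    path: str = ""    # object path, when the event has one


@dataclass
class Sequence:
    name: str
    steps: List[Callable[[Record], bool]]
    window: int       # max distance, in records, from first to last step


@dataclass
class Alert:
    rule: str
    subject: str
    first_seq: int    # record that started the match
    last_seq: int     # record that completed it (what -b would dump)


# Predicates used as sequence steps (assumed field names, see Record).
def login_failed(r: Record) -> bool:
    return r.event == "AUE_login" and r.status == "failure"

def login_ok(r: Record) -> bool:
    return r.event == "AUE_login" and r.status == "success"

def reads_master_passwd(r: Record) -> bool:
    return (r.event == "AUE_open_r" and r.status == "success"
            and r.path == "/etc/master.passwd")

def execs(r: Record) -> bool:
    return r.event == "AUE_execve"


# Two example sequences: repeated failed logins ending in a success, and a
# read of the password database followed by an exec, both by one subject.
SEQUENCES = [
    Sequence("brute-force-then-success",
             [login_failed, login_failed, login_failed, login_ok], window=10),
    Sequence("read-master-passwd-then-exec",
             [reads_master_passwd, execs], window=5),
]

# Constructed sample stream; alice completes rule 1, bob completes rule 2,
# carol's single failure never completes anything.
RECORDS = [
    Record(1, "AUE_login", "alice", "failure"),
    Record(2, "AUE_login", "alice", "failure"),
    Record(3, "AUE_open_r", "bob", "success", "/etc/master.passwd"),
    Record(4, "AUE_login", "alice", "failure"),
    Record(5, "AUE_login", "alice", "success"),
    Record(6, "AUE_execve", "bob", "success", "/bin/sh"),
    Record(7, "AUE_login", "carol", "failure"),
    Record(8, "AUE_login", "carol", "success"),
]


def run(sequences: List[Sequence], records: List[Record]) -> List[Alert]:
    """Feed every record through every sequence; return completed matches."""
    # (rule name, subject) -> (index of next expected step, starting seq)
    state: Dict[Tuple[str, str], Tuple[int, int]] = {}
    alerts: List[Alert] = []
    for rec in records:
        for rule in sequences:
            key = (rule.name, rec.subject)
            step, start = state.get(key, (0, rec.seq))
            if step > 0 and rec.seq - start > rule.window:
                step, start = 0, rec.seq          # window expired: start over
            if rule.steps[step](rec):
                if step == 0:
                    start = rec.seq               # this record opens the match
                step += 1
                if step == len(rule.steps):       # final state reached
                    alerts.append(Alert(rule.name, rec.subject, start, rec.seq))
                    state.pop(key, None)
                    continue
            if step > 0:
                state[key] = (step, start)        # keep partial progress only
    return alerts


if __name__ == "__main__":
    for a in run(SEQUENCES, RECORDS):
        print(f"{a.rule}: subject={a.subject} records {a.first_seq}..{a.last_seq}")
```

Records that match no step of a partially advanced sequence are simply skipped, which is why carol's failure-then-success does not fire the brute-force rule: the window bounds how far apart the steps may be, not what may appear between them. A real deployment would key the state on whatever the configured sequence scopes on (subject, session, process) and would also want a bound on the number of live instances so that a noisy subject cannot exhaust memory.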

EXIT STATUS
The bsmtrace utility exits 0 on success, and >0 if an error occurs.

FILES
/dev/auditpipe
        Default source for BSM records.
/etc/bsmtrace.conf
        Default configuration file.
/var/run/bsmtrace.pid
        Default pid file.

SEE ALSO
auditd(8), bsmtrace.conf(5), libbsm(3), praudit(1)

AUTHORS
Aaron L. Meihm <alm@freebsd.org>
Christian S.J. Peron <csjp@freebsd.org>

FreeBSD 6.2                      April 4, 2007                      FreeBSD 6.2
