Basic Security Module Auditing (im_bsm)
This module provides support for parsing events logged using Sun’s Basic Security Module (BSM) Auditing API. This module reads directly from the kernel. See also xm_bsm.
Setup
For information about setting up BSM Auditing, see the xm_bsm Setup section.
Configuration
The im_bsm module accepts the following directives in addition to the common module directives.
Optional directives
DeviceFile
This optional directive specifies the device file from which to read BSM events. If this is not specified, it defaults to /dev/auditpipe.
This optional directive can be used to specify the path to the audit event database containing a mapping between event names and numeric identifiers.
The default location is |
Fields
See the xm_bsm Fields.
Examples
This configuration reads BSM audit events directly from the kernel via the (default) /dev/auditpipe device file (which is not available on Solaris; see the xm_bsm example instead).
<Input in>
    Module      im_bsm
    DeviceFile  /dev/auditpipe
</Input>