BSMTRACE(1)             BSD General Commands Manual            BSMTRACE(1)

NAME
     bsmtrace -- host-based IDS based on OpenBSM

SYNOPSIS
     bsmtrace [-bdFhv] [-a trail] [-f config_file] [-p pid_file]

DESCRIPTION
     BSMtrace is a utility that processes audit trails, or real-time audit
     feeds provided by audit pipes.  It loads a set of finite state machines
     or sequences from the supplied configuration file and watches the audit
     streams for instances of these sequences.  For more information, the
     example bsmtrace.conf file should be reviewed.

     It operates by reading a configuration file that lists sequences which
     should result in actions.  The default configuration file is
     /etc/bsmtrace.conf.  BSM records are taken from /dev/auditpipe and run
     through a finite state machine which attempts to match a stream of
     records to defined sequences.
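
     The sequence matching described above, as an added example: a simplified
     Python model, not bsmtrace's own code or its configuration syntax.  The
     event names, the sample records and the choice to track progress per
     subject (audit user id) are assumptions made for illustration.

```python
# Simplified model of matching ordered event sequences in an audit stream.
# Assumptions (not from the man page): each record is (subject, event),
# event names are made up, and progress is tracked separately per subject.

def scan(sequences, records):
    """Return (sequence name, subject, record index) for each completed match."""
    progress = {}   # (sequence name, subject) -> index of next expected state
    alerts = []
    for n, (subject, event) in enumerate(records):
        for name, states in sequences.items():
            idx = progress.get((name, subject), 0)
            if event != states[idx]:
                continue                      # unrelated record: stay in place
            idx += 1
            if idx == len(states):            # final state reached
                alerts.append((name, subject, n))
                idx = 0                       # reset so the sequence can re-arm
            progress[(name, subject)] = idx
    return alerts

# Constructed sample: one sequence, two subjects interleaved in the stream.
SEQUENCES = {"login-setuid-exec": ["login", "setuid", "execve"]}
RECORDS = [
    (1001, "login"),
    (1002, "login"),
    (1001, "open"),      # not part of the sequence, ignored
    (1002, "setuid"),
    (1001, "execve"),    # 1001 never reached the setuid state: no match
    (1002, "execve"),    # completes the sequence for 1002
]

if __name__ == "__main__":
    for name, subject, n in scan(SEQUENCES, RECORDS):
        print(f"sequence {name} matched for subject {subject} at record {n}")
```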

OPTIONS
     -a trail        Audit trail to be examined.

     -b              Dump the last BSM record which results in a sequence
                     match to stdout.

     -d              Print debugging messages.

     -f config_file  Location of config file.

     -F              Run program in foreground.

     -h              Print this help message.

     -p pid_file     Location of pid file.

     -v              Print version and exit.

DIAGNOSTICS
     The bsmtrace utility exits 0 on success, and >0 if an error occurs.

FILES
     /dev/auditpipe         Default source for BSM records.
     /etc/bsmtrace.conf     Default configuration file.
     /var/run/bsmtrace.pid  Default pid file.

SEE ALSO
     auditd(8), bsmtrace.conf(5), libbsm(3), praudit(1)

AUTHORS
     Aaron L. Meihm <alm@freebsd.org>
     Christian S.J. Peron <csjp@freebsd.org>

FreeBSD 6.2                    April 04, 2007                    FreeBSD 6.2
