FreeBSD Manual Pages
BSMTRACE(1)                 General Commands Manual                BSMTRACE(1)

NAME
     bsmtrace -- host-based IDS based on OpenBSM

SYNOPSIS
     bsmtrace [-bdFhv] [-a trail] [-f config_file] [-p pid_file]

DESCRIPTION
     BSMtrace is a utility that processes audit trails, or real-time audit
     feeds provided by audit pipes.  It reads a configuration file that
     defines a set of sequences, each a finite state machine that should
     result in an action when matched, and watches the audit stream for
     instances of those sequences.  The default configuration file is
     /etc/bsmtrace.conf; the example bsmtrace.conf file should be reviewed
     for details of the sequence definitions.  By default, BSM records are
     taken from /dev/auditpipe and run through the state machines, which
     attempt to match the stream of records against the defined sequences.

OPTIONS
     -a trail
             Audit trail to be examined instead of the audit pipe.

     -b      Dump the last BSM record which results in a sequence match to
             stdout.

     -d      Print debugging messages.

     -f config_file
             Location of the configuration file.

     -F      Run the program in the foreground.

     -h      Print this help message.

     -p pid_file
             Location of the pid file.

     -v      Print the version and exit.

DIAGNOSTICS
     The bsmtrace utility exits 0 on success, and >0 if an error occurs.

FILES
     /dev/auditpipe         Default source for BSM records.
     /etc/bsmtrace.conf     Default configuration file.
     /var/run/bsmtrace.pid  Default pid file.

SEE ALSO
     auditd(8), bsmtrace.conf(5), libbsm(3), praudit(1)

AUTHORS
     Aaron L. Meihm <alm@freebsd.org>
     Christian S.J. Peron <csjp@freebsd.org>

FreeBSD 6.2                     April 04, 2007                     BSMTRACE(1)
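The DESCRIPTION above says only that records are run through finite state machines that try to match the stream against defined sequences. The following added Python example is a stand-alone toy illustrating that matching model; it is not bsmtrace's code and does not reproduce bsmtrace.conf syntax. The record fields, the sequence definition (three failed execve(2) calls by one subject followed by a successful setuid(2), within a 60 second window), and the event stream are all constructed for the example; only the event names (AUE_EXECVE, AUE_SETUID) are OpenBSM's. The record that completes a sequence is returned with the match, which is the record a `-b` run would dump.

```python
"""Toy sequence matcher in the spirit of bsmtrace (not bsmtrace's own code).

Each audit record is fed through one progress tracker per (sequence, subject);
a sequence fires when its states are satisfied in order, by the same subject,
inside the sequence's timeout window.  Sequences need not be contiguous:
records that match nothing are skipped.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Record:
    """Constructed stand-in for the few BSM record fields the matcher needs."""
    time: float      # seconds; BSM records carry a timestamp
    event: str       # audit event name, e.g. "AUE_EXECVE"
    subject: str     # audit user the record is attributed to
    status: str      # "success" or "failure"


@dataclass
class State:
    """One step of a sequence: `count` records of `event` with the given outcome."""
    event: str
    status: Optional[str] = None   # None matches either outcome
    count: int = 1


@dataclass
class Sequence:
    name: str
    states: List[State]
    timeout: float   # seconds within which the whole sequence must complete


class Matcher:
    def __init__(self, sequences: List[Sequence]) -> None:
        self.sequences = sequences
        # (sequence name, subject) -> (state index, hits in that state, window start)
        self.progress: Dict[Tuple[str, str], Tuple[int, int, Optional[float]]] = {}
        self.matches: List[Tuple[str, str, Record]] = []

    def feed(self, rec: Record) -> List[Tuple[str, str, Record]]:
        """Advance every sequence with this record; return the matches it completed."""
        fired: List[Tuple[str, str, Record]] = []
        for seq in self.sequences:
            key = (seq.name, rec.subject)
            idx, hits, start = self.progress.get(key, (0, 0, None))
            # Window expired: drop partial progress; this record may still open a new one.
            if start is not None and rec.time - start > seq.timeout:
                idx, hits, start = 0, 0, None
            st = seq.states[idx]
            if rec.event == st.event and (st.status is None or rec.status == st.status):
                start = rec.time if start is None else start
                hits += 1
                if hits >= st.count:
                    idx, hits = idx + 1, 0
                if idx == len(seq.states):
                    # Sequence complete: report the completing record, then restart.
                    fired.append((seq.name, rec.subject, rec))
                    idx, hits, start = 0, 0, None
            self.progress[key] = (idx, hits, start)
        self.matches.extend(fired)
        return fired


def run_example() -> List[Tuple[str, str, Record]]:
    """Run a constructed stream through one constructed sequence."""
    seq = Sequence(
        name="failed_exec_then_setuid",
        states=[State("AUE_EXECVE", "failure", count=3), State("AUE_SETUID", "success")],
        timeout=60.0,
    )
    stream = [
        Record(0.0, "AUE_EXECVE", "alice", "failure"),
        Record(1.0, "AUE_EXECVE", "bob", "failure"),
        Record(2.0, "AUE_EXECVE", "alice", "failure"),
        Record(3.0, "AUE_EXECVE", "alice", "failure"),
        Record(4.0, "AUE_SETUID", "alice", "success"),   # completes alice's sequence
        Record(100.0, "AUE_EXECVE", "bob", "failure"),   # bob's t=1 hit has expired
        Record(101.0, "AUE_EXECVE", "bob", "failure"),
        Record(102.0, "AUE_SETUID", "bob", "success"),   # only two failures: no match
    ]
    m = Matcher([seq])
    for rec in stream:
        m.feed(rec)
    return m.matches


if __name__ == "__main__":
    for name, subject, rec in run_example():
        print(f"{name}: subject={subject} completed by {rec.event} at t={rec.time}")
```

Two points carry over to reading a real bsmtrace configuration: progress is tracked per subject, so interleaved records from other users do not advance or disturb a sequence, and the timeout is measured from the first matching record, so stale partial matches are discarded rather than eventually completing.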
<https://man.freebsd.org/cgi/man.cgi?query=bsmtrace&sektion=1&manpath=FreeBSD+Ports+15.0>
