Home > Archive > Unix questions > January 2005 > CAF file format (auditd, SCO OpenServer)
CAF file format (auditd, SCO OpenServer)

Hi, my digital fellows. I need your help. One of the tickets has now
been reassigned to me and I am having some trouble. I need to
process a CAF file.
--- Start of quotation ---
"The audit trail is being produced by special daemon - auditd. It
reads audit records from special device /dev/audittr. After that it
compresses the record and puts it to intermediate files called audit
collection files (CAF files). Note, the data in files are compressed"
--- End of quotation ---
Unfortunately, the compression algorithm is not mentioned in the documentation. I
know that I can use the audit tools to work with these files, but I need to
perform the work on Windows (Windows 2000).
I cannot find any helpful documentation using Google. Please help.
Thank you very much in advance and sorry for my bad English :-)

I have found some solution. It is possible to turn off (disable)
archiving mode for the audit subsystem and switch from the binary format to
a text comma-separated format. But in this case many more
resources are needed to collect and transfer this data to the Windows machine.
Maybe someone can propose a different solution? You are welcome. Thx.