The Center for Education and Research in Information Assurance and Security (CERIAS)

svr4++, A Common Audit Trail Interchange Format For Unix Version 2.2

Author

Stephen E. Smaha

Entry type

techreport

Abstract

Developers of audit trail analysis tools need a data interchange format to allow sharing audit trail information from different operating systems. We wanted an audit data interchange format to provide interoperability of intrusion and misuse detection tools and to facilitate cooperative work involving audit trail analysis, especially for the detection of intrusions and other misuses. While the general case of this problem is very difficult (to convert from IBM MVS SMF records to SunOS Basic Security Module data, for example), it is much more feasible to define a common record format across those Unix versions that support auditing at least at the NCSC C2 level. This document describes the format we have developed. Our internal name for this format is "svr4++".

Date

1994 – October

Address

Austin, TX 78726

Institution

Haystack Laboratories Inc.

Key alpha

Smaha

Publication Date

0000-00-00

Location

A hard-copy of this is in the Papers Cabinet
