https://github.com/tpltnt/go-bsm

a parser for Sun BSM audit logs
https://github.com/tpltnt/go-bsm

audit freebsd parser

Last synced: over 1 year ago
JSON representation

a parser for Sun BSM audit logs

• Host: GitHub
• URL: https://github.com/tpltnt/go-bsm
• Owner: tpltnt
• License: agpl-3.0
• Created: 2018-03-03T15:33:49.000Z (over 8 years ago)
• Default Branch: master
• Last Pushed: 2018-03-31T19:02:40.000Z (about 8 years ago)
• Last Synced: 2025-01-23T00:29:42.708Z (over 1 year ago)
• Topics: audit, freebsd, parser
• Language: Go
• Homepage:
• Size: 186 KB
• Stars: 2
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
[![Build Status](https://travis-ci.org/tpltnt/go-bsm.svg?branch=master)](https://travis-ci.org/tpltnt/go-bsm)

# go-bsm

This is a parser for the FreeBSD audit file format (based on Sun's Basic Security Module (BSM) file format).

It can be installed by running `go install github.com/tpltnt/go-bsm`.

# caveat

This tool uses a dirty handwritten parser for binary files. This was done because yacc wasn't available as

a tool for Go (as of beginning of 2018) and ANTLv4 requires Java.

# TODO

* parse all tokens

* rewrite using parser combinators

# references

* [audit.log(5)](https://www.freebsd.org/cgi/man.cgi?query=audit.log&apropos=0&sektion=0&arch=default&format=html)

* [FreeBSD handbook Chapter 16: Security Event Auditing](https://www.freebsd.org/doc/handbook/audit.html)

* [TrustedBSD OpenBSM](http://trustedbsd.org/openbsm.html) - [github repository](https://github.com/openbsm/openbsm)

* [Forensics Wiki: Basic Security Module (BSM) file format](http://forensicswiki.org/wiki/Basic_Security_Module_(BSM)_file_format)

* [SunSHIELD Basic Security Module Guide (pdf)](https://docs.oracle.com/cd/E19457-01/801-6636/801-6636.pdf)