Sample grsecurity logs?
Posted: Tue Feb 28, 2012 9:28 amHi all,
I'm currently working on preparing our SIEM tool to alert on various grsecurity messages - I would be very grateful if someone could help me shortcut dealing with all of the different conditions/messages by sharing copies of their logs with me. I've already got a Debian system with 3.2.7 kernel + grsec 2.9 having messages redirected by rsyslog into a specific grsecurity.log file and have grabbed the mount/chdir/exec/time set messages OK (now working on some ACLs), but creating messages for each of the cases in DEFINE GR_*_MSG I think is going to take me ages.
I appreciate that people may not want to share real logs from their production systems, but perhaps some from a test/dev platform with any IPs changed out for fakes?
Cheers,
shepherd
I'm currently working on preparing our SIEM tool to alert on various grsecurity messages - I would be very grateful if someone could help me shortcut dealing with all of the different conditions/messages by sharing copies of their logs with me. I've already got a Debian system with 3.2.7 kernel + grsec 2.9 having messages redirected by rsyslog into a specific grsecurity.log file and have grabbed the mount/chdir/exec/time set messages OK (now working on some ACLs), but creating messages for each of the cases in DEFINE GR_*_MSG I think is going to take me ages.
I appreciate that people may not want to share real logs from their production systems, but perhaps some from a test/dev platform with any IPs changed out for fakes?
Cheers,
shepherd