I am trying to read the contents of a pascal.bsm file. What I am basically interested in is the system calls included in the file. I dont know how to open and read the file. The file I'm trying to read is here It is a file generated by a solaris system and includes the audit data which are not in easily readable form. What should I do? Thanks.
Asked
Active
Viewed 714 times
3
-
Did you ever find anything on Windows to handle the native format? – Will Dieterich Jan 17 '12 at 10:36
1 Answers
4
Just use praudit on Solaris:
$ praudit pascal.bsm
file,1999-03-01 13:31:59.731 +01:00,
header,36,2,system booted,na,1999-03-01 13:31:32.219 +01:00
text,booting kernel
header,126,2,open(2) - read,,1999-03-01 13:32:19.241 +01:00
path,/etc/security/audit_control
attribute,100664,root,other,8388608,62781,0
subject,root,root,other,root,other,257,257,0 0 172.16.112.50
return,success,4
trailer,126
header,150,2,ioctl(2),fe,1999-03-01 13:32:19.241 +01:00
path,/etc/security/audit_control
attribute,100664,root,other,8388608,62781,0
argument,2,0x5401,cmd
argument,3,0xefffed7c,arg
subject,root,root,other,root,other,257,257,0 0 172.16.112.50
return,failure: Inappropriate ioctl for device,-1
trailer,150
header,137,2,close(2),,1999-03-01 13:32:19.241 +01:00
argument,1,0x4,fd
path,/etc/security/audit_control
...
![](../../users/profiles/211665.webp)
jlliagre
- 27,018
- 6
- 57
- 68
-
-
The simplest way would be to install VirtualBox on your Ubuntu box, then a VM with a Solaris distribution and use its `praudit` command. Alternatively, you might try compiling from its source code, but that might be a much complex alternative. – jlliagre Mar 20 '13 at 21:38
-
1@Goaler444 You are welcome. Feel free to vote up my answer which, despite being undoubtedly correct, had not a single vote after almost two years ... – jlliagre Mar 22 '13 at 01:31