Rsyslog & Auditd - Parsing audit.log / proctitle hexadecimal value to ascii

Clément939

12/12/22, 8:24 AM

I'm trying to edit my rsyslog.conf in order to set hex parts of my auditd logs in clear.

Does anyone know if it is possible to configure rsyslog in order to apply a parsing on the log received by a bash script ? (Or any other technique)

It should only parse the data and not change the output of the logs.

I would use a bash script that would hex2str the content of PROCTITLE, see this example of auditd log line:

type=PROCTITLE msg=audit(1449583261.740:1899): proctitle=2F7573722F62696E2F7065726C002F7573722F73686172652F617773746174732F777777726F6F742F6367692D62696E2F617773746174732E706C002D757064617465002D636F6E6669673D68756C6B2E6C6F63616C002D636F6E6669676469723D2F6574632F61777374617473

Thanks

183

0 + 4

bash

audit

logging

Michael Hampton

12/12/22, 11:49 AM

Maybe you can parse the data, but then what would you do with it?

meuh

12/12/22, 12:10 PM

Answered on [unix.stackexchange](https://unix.stackexchange.com/a/664372/119298).

Oecophylla

12/12/22, 12:29 PM

The objective is to send full ascii audit.log to one machine and being able to read directly the log without having to hex2str each log

Oecophylla

12/12/22, 12:29 PM

Thanks for your msg Meuh

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Rsyslog & Auditd - Parsing audit.log / proctitle hexadecimal value to ascii

TH: Rsyslog & Auditd - แยกวิเคราะห์ audit.log / ค่าเลขฐานสิบหก proctitle เป็น ascii

RO: Rsyslog & Auditd - Analizează valoarea hexazecimală audit.log / proctitle în ascii

RU: Rsyslog & Auditd — преобразование шестнадцатеричного значения audit.log/proctitle в ascii

VI: Rsyslog & Auditd - Phân tích cú pháp giá trị thập lục phân audit.log / proctitle thành ascii

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.