solaris, system-calls, file-read

Opening a .bsm file


I am trying to read the contents of a pascal.bsm file. What I am basically interested in is the system calls included in the file. I don't know how to open and read the file. The file I'm trying to read is here. It is a file generated by a Solaris system and includes the audit data which are not in easily readable form. What should I do? Thanks.


Solution

  • Just use praudit on Solaris:

    $ praudit pascal.bsm
    file,1999-03-01 13:31:59.731 +01:00,
    header,36,2,system booted,na,1999-03-01 13:31:32.219 +01:00
    text,booting kernel
    header,126,2,open(2) - read,,1999-03-01 13:32:19.241 +01:00
    path,/etc/security/audit_control
    attribute,100664,root,other,8388608,62781,0
    subject,root,root,other,root,other,257,257,0 0 172.16.112.50
    return,success,4
    trailer,126
    header,150,2,ioctl(2),fe,1999-03-01 13:32:19.241 +01:00
    path,/etc/security/audit_control
    attribute,100664,root,other,8388608,62781,0
    argument,2,0x5401,cmd
    argument,3,0xefffed7c,arg
    subject,root,root,other,root,other,257,257,0 0 172.16.112.50
    return,failure: Inappropriate ioctl for device,-1
    trailer,150
    header,137,2,close(2),,1999-03-01 13:32:19.241 +01:00
    argument,1,0x4,fd
    path,/etc/security/audit_control
    ...
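
To get from that text to the list of system calls the question asks for, the praudit output can be grouped into one record per `header` token. The following is an added example, not part of the original answer; it assumes the comma-separated layout shown above and the usual subject-token field order (audit ID, effective UID/GID, real UID/GID, PID, session ID, terminal), and the names `parse_praudit` and `syscalls` are hypothetical.

```python
import re
# Trimmed excerpt of the praudit output above; the last record is cut off.
SAMPLE = """\
header,36,2,system booted,na,1999-03-01 13:31:32.219 +01:00
header,126,2,open(2) - read,,1999-03-01 13:32:19.241 +01:00
path,/etc/security/audit_control
subject,root,root,other,root,other,257,257,0 0 172.16.112.50
return,success,4
header,150,2,ioctl(2),fe,1999-03-01 13:32:19.241 +01:00
argument,2,0x5401,cmd
return,failure: Inappropriate ioctl for device,-1
trailer,150
header,137,2,close(2),,1999-03-01 13:32:19.241 +01:00
argument,1,0x4,fd
"""

SYSCALL = re.compile(r"^(\w+)\(2\)")     # kernel events look like "open(2) - read"

def parse_praudit(text):
    """Group praudit lines into records; each header token starts a record."""
    records, cur = [], None
    for line in text.splitlines():
        token, _, rest = line.partition(",")
        if token == "header":            # also ends a record that has no trailer
            _size, _ver, event, _mod, when = rest.split(",", 4)
            cur = {"event": event, "time": when, "paths": [], "args": [],
                   "auid": None, "pid": None, "status": None, "retval": None}
            records.append(cur)
        elif cur is None:
            continue                     # e.g. the "file" token before any header
        elif token == "path":
            cur["paths"].append(rest)    # keep the rest whole: paths may hold commas
        elif token == "argument":
            num, value, name = rest.split(",", 2)
            cur["args"].append((int(num), value, name))
        elif token == "subject":
            f = rest.split(",")          # assumed: auid,euid,egid,ruid,rgid,pid,sid,tid
            cur["auid"], cur["pid"] = f[0], int(f[5])
        elif token == "return":
            cur["status"], _, val = rest.rpartition(",")
            cur["retval"] = int(val)
    return records

def syscalls(records):
    # (name, record) pairs; skips non-syscall events such as "system booted"
    return [(m.group(1), r) for r in records if (m := SYSCALL.match(r["event"]))]

if __name__ == "__main__":
    for name, r in syscalls(parse_praudit(SAMPLE)):
        print(r["time"], name, r["paths"], r["status"], r["retval"])
```

On a real trail, save the output with `praudit pascal.bsm > pascal.txt` and pass the file's contents to `parse_praudit`.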