Let's imagine a FreeBSD server that collects audit records from machines that do not necessarily use BSM as their audit record format. The idea is to create a tool that loads a format-specific module, reads audit records in a non-BSM format and outputs BSM audit records, losing as little data as possible to the differences between the two standards.
I'll focus mainly on the Linux Audit and Windows formats.
The aim of the project is to ease the maintenance of a network of servers that use different audit formats. The tool would make it comfortable to manage the various audit log files collected from our servers and to examine them with the default FreeBSD administration tools that understand BSM.
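As an added illustration of the conversion step described above (example code written for this page, not part of the proposed tool), the following Python sketch maps one Linux Audit SYSCALL line onto BSM subject32/return32 tokens and keeps every field without a BSM counterpart in a text token so that nothing is silently dropped. The token ids, layouts and version number are taken from OpenBSM's audit_record.h as I recall them, the event number is a placeholder, and the sample record is constructed, not captured from a real system.

```python
import re
import struct

# Token ids and layouts follow OpenBSM's audit_record.h as I recall them (assumption).
AUT_TRAILER, AUT_HEADER32, AUT_SUBJECT32, AUT_RETURN32, AUT_TEXT = 0x13, 0x14, 0x24, 0x27, 0x28
AUT_TRAILER_MAGIC = 0xB105
BSM_VERSION = 11      # AUDIT_HEADER_VERSION_OPENBSM
AUE_NULL = 0          # placeholder event number; a real module needs a syscall -> AUE_* table
# Linux Audit keys that have a direct home in the BSM tokens below; everything else is kept as text.
MAPPED = {"sec", "msec", "auid", "euid", "egid", "uid", "gid", "pid", "ses", "success", "exit"}

# Constructed sample record, not captured from a real system.
SAMPLE = ('type=SYSCALL msg=audit(1700000000.123:4242): arch=c000003e syscall=257 success=no '
          'exit=-13 ppid=1000 pid=1234 auid=1000 uid=1000 gid=1000 euid=1000 egid=1000 ses=3 '
          'comm="cat" exe="/bin/cat"')

def parse_linux_audit(line):
    """Split a 'type=... msg=audit(sec.msec:serial): k=v ...' line into a dict."""
    m = re.match(r"type=(\w+) msg=audit\((\d+)\.(\d+):(\d+)\): (.*)", line)
    if not m:
        raise ValueError("not a Linux Audit record")
    rec = {"type": m.group(1), "sec": int(m.group(2)), "msec": int(m.group(3)),
           "serial": int(m.group(4))}
    rec.update(kv.split("=", 1) for kv in m.group(5).split())
    return rec

def to_bsm(rec):
    """Emit one big-endian BSM record: header32, subject32, return32, text, trailer."""
    # subject32: auid, euid, egid, ruid, rgid, pid, sid, then a tid (port, IPv4 addr) we cannot fill.
    ids = [int(rec.get(k, 0)) & 0xFFFFFFFF
           for k in ("auid", "euid", "egid", "uid", "gid", "pid", "ses")]
    body = struct.pack(">B7I", AUT_SUBJECT32, *ids) + struct.pack(">II", 0, 0)
    # return32: status byte carries errno (Linux reports failures as a negative exit value).
    exit_val = int(rec.get("exit", 0))
    errno = 0 if rec.get("success") == "yes" else (-exit_val) & 0xFF
    body += struct.pack(">BBI", AUT_RETURN32, errno, exit_val & 0xFFFFFFFF)
    # Fields with no BSM counterpart are preserved in a NUL-terminated text token, not dropped.
    text = " ".join(f"{k}={v}" for k, v in rec.items() if k not in MAPPED).encode() + b"\0"
    body += struct.pack(">BH", AUT_TEXT, len(text)) + text
    total = 18 + len(body) + 7   # header32 is 18 bytes, trailer is 7; the count spans both
    header = struct.pack(">BIBHHII", AUT_HEADER32, total, BSM_VERSION, AUE_NULL, 0,
                         rec["sec"], rec["msec"])
    trailer = struct.pack(">BHI", AUT_TRAILER, AUT_TRAILER_MAGIC, total)
    return header + body + trailer

if __name__ == "__main__":
    blob = to_bsm(parse_linux_audit(SAMPLE))
    print(len(blob), "bytes:", blob.hex())
```

The unfilled terminal id in subject32 and the placeholder event number show exactly where a per-format module has to supply a mapping, which is the data-loss boundary the project has to minimise.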