== Team ==
=== Introduction ===
=== Members ===
*
*
*
*
* Professor:
* Mozilla Advisor: [https://mozillians.org/en-US/u/kang/ Guillaume Destuynder]

== Project ==
Heka is a Mozilla project for log routing, analysis, etc. (see http://hekad.readthedocs.org/en/latest/). Linux Audit collects various system calls and events and sends them to a C user-space program (auditd) over the netlink protocol. A Mozilla C plugin (https://github.com/gdestuynder/audisp-cef) currently correlates, transforms, and sends these events back to our logging architecture.

=== Description ===
This project aims to deliver the same functionality as Linux Audit (auditd, audispd) + audisp-cef/json but in native Go as a plugin to Heka.

This means it will listen for events from the kernel via the Netlink protocol, parse the messages, convert them (to JSON using MozDef's native format), and pass them over to Heka.
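
The parse-and-convert step described above, as an added Go sketch that is not code from this project, Heka, or audisp-json. The <code>Event</code> struct is an assumed, simplified JSON shape rather than the exact MozDef schema; <code>ParseAudit</code> and <code>Sample</code> are hypothetical names, and the input message is constructed.

```go
package main

import (
	"encoding/binary"
	"encoding/json"
	"errors"
	"os"
	"regexp"
	"strings"
)

// Matches the "audit(<epoch>:<serial>): <fields>" text carried in each record.
var auditRe = regexp.MustCompile(`^audit\((\d+\.\d+):(\d+)\): (.*)$`)

// Event is an assumed, simplified JSON shape, not the exact MozDef schema.
type Event struct {
	Type      uint16            `json:"type"`
	Timestamp string            `json:"timestamp"`
	Serial    string            `json:"serial"`
	Details   map[string]string `json:"details"`
}

// ParseAudit decodes one datagram (16-byte nlmsghdr, then the record text),
// assuming little-endian host order and one record per datagram.
func ParseAudit(buf []byte) (*Event, error) {
	if len(buf) < 16 {
		return nil, errors.New("short netlink header")
	}
	text := strings.TrimRight(string(buf[16:]), "\x00\n")
	m := auditRe.FindStringSubmatch(text)
	if m == nil {
		return nil, errors.New("payload is not an audit record")
	}
	ev := &Event{binary.LittleEndian.Uint16(buf[4:6]), m[1], m[2], map[string]string{}}
	for _, f := range strings.Fields(m[3]) { // naive: values with spaces not handled
		if k, v, ok := strings.Cut(f, "="); ok {
			ev.Details[k] = strings.Trim(v, `"`)
		}
	}
	return ev, nil
}

// Sample returns a constructed AUDIT_SYSCALL (type 1300) message, not real data.
func Sample() []byte {
	body := `audit(1408000000.123:456): arch=c000003e syscall=59 success=yes pid=4242 comm="curl"`
	hdr := make([]byte, 16)
	binary.LittleEndian.PutUint32(hdr[0:4], uint32(16+len(body)))
	binary.LittleEndian.PutUint16(hdr[4:6], 1300)
	return append(hdr, body...)
}

func main() {
	ev, _ := ParseAudit(Sample())
	json.NewEncoder(os.Stdout).Encode(ev)
}
```

A real plugin would read these datagrams from an audit netlink socket and would also need to correlate the several records that share one serial number into a single event.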

=== Success Criteria ===
* Ability to process and forward audit events in pure Go from the kernel to Heka, as they would come out of audisp-json.

== Updates ==


=== 2014-08-?? ===
Kick off meeting.


=== <date> ===
* current work
* blocking points
* discussion points
* upcoming work