concatenate log learning files


Post by rom2mars » Fri Feb 14, 2014 8:48 am


Is it possible to concatenate two learning log files to make the policy?


Code:
gradm -F -L /etc/grsec/learning01.log
gradm -D
gradm -F -L /etc/grsec/learning01.log -O /etc/grsec/policy

2) (a few weeks later)
Code:
gradm -F -L /etc/grsec/learning02.log
gradm -D
cat learning01.log learning02.log > new_learning.log # I don't want to lose the old learning file
gradm -F -L /etc/grsec/new_learning.log -O /etc/grsec/policy

Is this the right way to make a full learning that grows little by little?

Sorry for my bad English,

Thanks in advance,

Best regards,
Posts: 16
Joined: Fri Feb 07, 2014 10:52 am

Re: concatenate log learning files

Post by spender » Sat Feb 15, 2014 3:06 pm

It's possible to do that, yes. Depending on the size of the log, it may be useful to sort -u the file before running the final policy generation command.

Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
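
The sort -u step suggested in the reply above, written out as a shell function. This is an added example, not part of the thread and not grsecurity's own tooling: it merges any number of learning logs into a new file and refuses to overwrite an input, so the old logs are kept. The helper name merge_learning_logs is an assumption; the file names and the gradm command in the closing comment are the ones from the first post.

```shell
# merge_learning_logs OUT IN1 [IN2 ...]   (hypothetical helper name)
# Writes the de-duplicated union of the input logs to OUT and prints the
# number of unique lines. The input files are never modified.
merge_learning_logs() {
    if [ "$#" -lt 2 ]; then
        echo "usage: merge_learning_logs OUT IN1 [IN2 ...]" >&2
        return 2
    fi
    mll_out=$1
    shift
    for mll_in in "$@"; do
        # A missing or unreadable log would silently leave its entries
        # out of the merged file, so stop instead of continuing.
        if [ ! -r "$mll_in" ]; then
            echo "merge_learning_logs: cannot read $mll_in" >&2
            return 1
        fi
        # Plain string comparison: catches naming an input as the output.
        if [ "$mll_in" = "$mll_out" ]; then
            echo "merge_learning_logs: refusing to overwrite input $mll_in" >&2
            return 1
        fi
    done
    # Build the result in a temporary file next to OUT (mktemp creates it
    # with mode 0600) and rename it only once sort has succeeded.
    mll_tmp=$(mktemp "${mll_out}.XXXXXX") || return 1
    # LC_ALL=C makes sort compare bytes, so de-duplication does not
    # depend on the locale of the shell running it.
    if ! LC_ALL=C sort -u -- "$@" > "$mll_tmp"; then
        rm -f -- "$mll_tmp"
        return 1
    fi
    mv -- "$mll_tmp" "$mll_out" || return 1
    wc -l < "$mll_out" | tr -d ' '
}

# Usage, with the file names from the first post:
#   merge_learning_logs /etc/grsec/new_learning.log \
#       /etc/grsec/learning01.log /etc/grsec/learning02.log
#   gradm -F -L /etc/grsec/new_learning.log -O /etc/grsec/policy
```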
