grsecurity forums


https://forums.grsecurity.net/

concatenante log learning files

https://forums.grsecurity.net/viewtopic.php?f=5&t=3923

Page 1 of 1

concatenante log learning files

PostPosted: Fri Feb 14, 2014 8:48 am
by rom2mars
Hello,

is it possible to concatenate two learning log files to make the policy?




Example:

1)
Code: Select all
gradm -F -L /etc/grsec/learning01.log
gradm -D
gradm -F -L /etc/grsec/learning01.log -O /etc/grsec/policy


2) (few weeks later)
Code: Select all
gradm -F -L /etc/grsec/learning02.log
gradm -D
cat learning01.log learning02.log > new_learning.log # I don't want lose the old learning file
gradm -F -L /etc/grsec/new_learning.log -O /etc/grsec/policy



Do I use the good way, to make a full learning increasing little by little?



Sorry for my bad english,

Thanks in advance,

Best regards,
Romain

Re: concatenante log learning files

PostPosted: Sat Feb 15, 2014 3:06 pm
by spender
It's possible to do that, yes. Depending on the size of the log, it may be useful to sort -u the file before running the final policy generation command.

-Brad
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/