FAAS Introduction

Apple's Mac OS X operating system has an excellent auditing system called BSM. Unfortunately a properly configured BSM system can generate large amounts of data (Gigabytes per computer per day), and there is no obvious way to centrally collect this data. Furthermore, the BSM data can be enhanced by external information such as process snapshots and syslog data.

To address these issues I created the Free Audit Aggregation System (FAAS). Here is the original concept paper. A video introduction of the working system is shown below.