Robert Watson wrote:
On Tue, 21 Aug 2007, sam wrote:
# praudit /etc/auditpipe | grep "bla bla bla" & # praudit
/etc/auditpipe | tee file.log
this is not work please help me
This thread is also on freebsd-hackers, but just to follow up here
as well for the purposes of the archives:
- It's /dev/auditpipe not /etc/auditpipe
- If you're using grep, try --line-buffered
--line-buffered is not helped to me
When you run praudit on /dev/auditpipe directly, do you get the
records you expect?
yes
So what are you getting or not getting that is unexpected when you run
with grep? Have you tried forcing lots of records of the type you
would be matching to be created to make sure the buffers are flushing
from praudit/grep/etc? The input/output buffers in stdio mean that
you may not see output immediately, the buffer has to fill enough to
trigger an I/O before that will happen.
We could add an fflush call to praudit's output, which would flush the
I/O out the file descriptor, but that wouldn't necessarily solve
grep's buffering. The attached patch might do this.
Robert N M Watson
Computer Laboratory
University of Cambridge
Index: praudit.c
===================================================================
RCS file: /data/fbsd-cvs/ncvs/src/contrib/openbsm/bin/praudit/praudit.c,v
retrieving revision 1.1.1.3
diff -u -r1.1.1.3 praudit.c
--- praudit.c 16 Apr 2007 15:36:57 -0000 1.1.1.3
+++ praudit.c 21 Aug 2007 14:26:43 -0000
@@ -107,6 +107,7 @@
free(buf);
if (oneline)
printf("\n");
+ fflush(stdout);
}
return (0);
}
my big thanks
this patch is working
/Vladimir Ermakov
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"