On Tue, 30 Jan 2007 12:06:06 EST, Joshua Brindle said:
>
> This is fairly off topic here (selinux list) but I agree with Karl. As a
> recovering admin I think I can say that admins expect to be able to use
> various unix utilities to inspect log files, particularly tail -f.

As a counter-example - lastcomm and last.

If you want to use tail -f, don't run auditd, and use syslog-ng(*) or similar to send the msgs you're interested in to a file that you can tail -f. Or you *can* tail -f the file, just be ready to deal with the fact that it contains binary data, same as the process accounting file and the last-login file.

(*) syslog-ng can route to logfiles based on a regexp, so you don't have to send all kernel output to the same file...
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
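
The regexp-based routing mentioned in the message, as a syslog-ng configuration fragment added here for illustration (not part of the original post). The object names, the log path and the `avc: +denied` pattern are assumptions, and it presumes auditd is not running, so the kernel hands audit records to syslog.

```conf
# Added example: object names, path and pattern are assumptions.

# Local system log sources, including kernel messages.
source s_sys { system(); internal(); };

# Keep only kernel-facility messages whose text matches the regexp.
filter f_avc {
    facility(kern) and match("avc: +denied" value("MESSAGE"));
};

# Plain-text file that can be followed with tail -f; readable by root only.
destination d_avc {
    file("/var/log/avc-denials.log" owner("root") group("root") perm(0600));
};

# Route matching messages to their own file; other kernel output
# continues to whatever log paths are already defined.
log { source(s_sys); filter(f_avc); destination(d_avc); };
```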
