ausearch & aureport fail from cron

All of lore.kernel.org
 help / color / mirror / Atom feed

* ausearch & aureport fail from cron
@ 2012-05-30 14:34 dean
  2012-06-01 13:16 ` Steve Grubb
  0 siblings, 1 reply; 3+ messages in thread
From: dean @ 2012-05-30 14:34 UTC (permalink / raw)
  To: linux-audit

[-- Attachment #1: Type: text/html, Size: 837 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]



^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: ausearch & aureport fail from cron
  2012-05-30 14:34 ausearch & aureport fail from cron dean
@ 2012-06-01 13:16 ` Steve Grubb
  2012-06-01 18:54   ` Dean DeFreitas
  0 siblings, 1 reply; 3+ messages in thread
From: Steve Grubb @ 2012-06-01 13:16 UTC (permalink / raw)
  To: linux-audit, dean

On Wednesday, May 30, 2012 10:34:14 AM dean@defreitas.net wrote:
>  I am using RHEL 5.8 (upgraded from 5.7) and I can not get these reporting
> tools to work from cron. I have tried many variations to no avail:
> 
> /sbin/ausearch -if /var/log/audit/audit.log  -ts 05/29/2012 00:00:00 -te
> 05/29/2012 23:59:59 > somefile.txt /sbin/ausearch --input-logs -ts
> 05/29/2012 00:00:00 -te 05/29/2012 23:59:59 > somefile.txt cat
> /var/log/audit/audit.log | /sbin/ausearch -ts 05/29/2012 00:00:00 -te
> 05/29/2012 23:59:59 > somefile.txt
> 
> Each of those work from the command line and in a script, but fail when the
> script is run from cron.

You need to pass the "--input-logs" command line option to force it to look at 
the logs instead of stdin.

-Steve

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: ausearch & aureport fail from cron
  2012-06-01 13:16 ` Steve Grubb
@ 2012-06-01 18:54   ` Dean DeFreitas
  0 siblings, 0 replies; 3+ messages in thread
From: Dean DeFreitas @ 2012-06-01 18:54 UTC (permalink / raw)
  To: Steve Grubb; +Cc: linux-audit

Steve,

Thank you for the reply. I appreciate your time. There was some weird
line wrap on my 3 examples, but I did try that in my second example. I
would not have posted for help if I hadn't exhausted all other attempts.

regards,
Dean


/sbin/ausearch -if /var/log/audit/audit.log  -ts 05/29/2012 00:00:00 -te 05/29/2012 23:59:59 > somefile.txt 

/sbin/ausearch --input-logs -ts 05/29/2012 00:00:00 -te 05/29/2012 23:59:59 > somefile.txt 

cat /var/log/audit/audit.log | /sbin/ausearch -ts 05/29/2012 00:00:00 -te 05/29/2012 23:59:59 > somefile.txt



On 06/01/2012 07:16 AM, Steve Grubb wrote:
> On Wednesday, May 30, 2012 10:34:14 AM dean@defreitas.net wrote:
>>  I am using RHEL 5.8 (upgraded from 5.7) and I can not get these reporting
>> tools to work from cron. I have tried many variations to no avail:
>>
>> /sbin/ausearch -if /var/log/audit/audit.log  -ts 05/29/2012 00:00:00 -te
>> 05/29/2012 23:59:59 > somefile.txt /sbin/ausearch --input-logs -ts
>> 05/29/2012 00:00:00 -te 05/29/2012 23:59:59 > somefile.txt cat
>> /var/log/audit/audit.log | /sbin/ausearch -ts 05/29/2012 00:00:00 -te
>> 05/29/2012 23:59:59 > somefile.txt
>>
>> Each of those work from the command line and in a script, but fail when the
>> script is run from cron.
> You need to pass the "--input-logs" command line option to force it to look at 
> the logs instead of stdin.
>
> -Steve
>

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2012-06-01 18:54 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-05-30 14:34 ausearch & aureport fail from cron dean
2012-06-01 13:16 ` Steve Grubb
2012-06-01 18:54   ` Dean DeFreitas

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.