From samflanker at gmail.com Fri Aug 17 08:39:38 2007
From: samflanker at gmail.com (sam)
Date: Fri Aug 17 08:42:37 2007
Subject: praudit parse with gnu grep
Message-ID: <46C55868.6090004@gmail.com>

Hi, all.

# praudit /etc/auditpipe | grep "bla bla bla" &
# praudit /etc/auditpipe | tee file.log

this is not work please help me

/Vladimir Ermakov

From samflanker at gmail.com Wed Aug 22 00:07:17 2007
From: samflanker at gmail.com (sam) Date: Wed Aug 22 00:07:19 2007 Subject: praudit parse with gnu grep In-Reply-To: <20070821152327.R53914@fledge.watson.org> References: <46C55191.2050205@gmail.com> <20070821145603.L50579@fledge.watson.org> <46CAF217.7040204@gmail.com> <20070821151108.Y53914@fledge.watson.org> <46CAF4E9.2030700@gmail.com> <20070821152327.R53914@fledge.watson.org> Message-ID: <46CBE096.90805@gmail.com> Robert Watson wrote: > > On Tue, 21 Aug 2007, sam wrote: > >>>>>> # praudit /etc/auditpipe | grep "bla bla bla" & # praudit >>>>>> /etc/auditpipe | tee file.log >>>>>> >>>>>> this is not work please help me >>>>> >>>>> This thread is also on freebsd-hackers, but just to follow up here >>>>> as well for the purposes of the archives: >>>>> >>>>> - It's /dev/auditpipe not /etc/auditpipe >>>>> - If you're using grep, try --line-buffered >>>>> >>>> --line-buffered is not helped to me >>> >>> When you run praudit on /dev/auditpipe directly, do you get the >>> records you expect? >> >> yes > > So what are you getting or not getting that is unexpected when you run > with grep? Have you tried forcing lots of records of the type you > would be matching to be created to make sure the buffers are flushing > from praudit/grep/etc? The input/output buffers in stdio mean that > you may not see output immediately, the buffer has to fill enough to > trigger an I/O before that will happen. > > We could add an fflush call to praudit's output, which would flush the > I/O out the file descriptor, but that wouldn't necessarily solve > grep's buffering. The attached patch might do this. > > Robert N M Watson > Computer Laboratory > University of Cambridge > > Index: praudit.c > =================================================================== > RCS file: /data/fbsd-cvs/ncvs/src/contrib/openbsm/bin/praudit/praudit.c,v > retrieving revision 1.1.1.3 > diff -u -r1.1.1.3 praudit.c > --- praudit.c 16 Apr 2007 15:36:57 -0000 1.1.1.3 > +++ praudit.c 21 Aug 2007 14:26:43 -0000 
> @@ -107,6 +107,7 @@ > free(buf); > if (oneline) > printf("\n"); > + fflush(stdout); > } > return (0); > } > my big thanks this patch is working /Vladimir Ermakov From rwatson at FreeBSD.org Tue Aug 28 10:21:04 2007 From: rwatson at FreeBSD.org (Robert Watson) Date: Tue Aug 28 10:21:10 2007 Subject: praudit parse with gnu grep In-Reply-To: <46CBE096.90805@gmail.com> References: <46C55191.2050205@gmail.com> <20070821145603.L50579@fledge.watson.org> <46CAF217.7040204@gmail.com> <20070821151108.Y53914@fledge.watson.org> <46CAF4E9.2030700@gmail.com> <20070821152327.R53914@fledge.watson.org> <46CBE096.90805@gmail.com> Message-ID: <20070828175313.B90180@fledge.watson.org> On Wed, 22 Aug 2007, sam wrote: >> Index: praudit.c >> =================================================================== >> RCS file: /data/fbsd-cvs/ncvs/src/contrib/openbsm/bin/praudit/praudit.c,v >> retrieving revision 1.1.1.3 >> diff -u -r1.1.1.3 praudit.c >> --- praudit.c 16 Apr 2007 15:36:57 -0000 1.1.1.3 >> +++ praudit.c 21 Aug 2007 14:26:43 -0000 
>> @@ -107,6 +107,7 @@ >> free(buf); >> if (oneline) >> printf("\n"); >> + fflush(stdout); >> } >> return (0); >> } > > my big thanks this patch is working Vladimir, I've merged this change into OpenBSM, and it will appear in the next release. Thanks, Robert N M Watson Computer Laboratory University of Cambridge From samflanker at gmail.com Tue Aug 28 22:11:04 2007 From: samflanker at gmail.com (sam) Date: Tue Aug 28 22:11:13 2007 Subject: praudit parse with gnu grep In-Reply-To: <20070828175313.B90180@fledge.watson.org> References: <46C55191.2050205@gmail.com> <20070821145603.L50579@fledge.watson.org> <46CAF217.7040204@gmail.com> <20070821151108.Y53914@fledge.watson.org> <46CAF4E9.2030700@gmail.com> <20070821152327.R53914@fledge.watson.org> <46CBE096.90805@gmail.com> <20070828175313.B90180@fledge.watson.org> Message-ID: <46D4FFC4.40101@gmail.com> >>> RCS file: >>> /data/fbsd-cvs/ncvs/src/contrib/openbsm/bin/praudit/praudit.c,v >>> retrieving revision 1.1.1.3 >>> diff -u -r1.1.1.3 praudit.c >>> --- praudit.c 16 Apr 2007 15:36:57 -0000 1.1.1.3 >>> +++ praudit.c 21 Aug 2007 14:26:43 -0000 >>> @@ -107,6 +107,7 @@ >>> free(buf); >>> if (oneline) >>> printf("\n"); >>> + fflush(stdout); >>> } >>> return (0); >>> } >> >> my big thanks this patch is working > > Vladimir, > > I've merged this change into OpenBSM, and it will appear in the next > release. > > Thanks, > > Robert N M Watson > Computer Laboratory > University of Cambridge > Hello please add switcher comand_args parameter for enable/disable pipe-buffer /Vladimir Ermakov
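
Review bot: the return value of the added fflush(stdout) after printf("\n") is ignored, so a flush that fails (the reader of the pipe has gone away, the disk holding a redirected file is full) goes unnoticed and the function still reaches return (0). Check it, for example `if (fflush(stdout) == EOF)`, report the error and return non-zero, so that a monitoring pipeline that has stopped receiving audit records fails visibly. The flush is also unconditional: output redirected to a regular file now costs one write per record, so consider tying per-record flushing to a command-line option or to stdout not being a regular file.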