work praudit with tee & grep

Eric Crist mnslinky at gmail.com
Tue Aug 21 06:26:49 PDT 2007


On Aug 21, 2007, at 7:52 AM, sam wrote:

> Robert Watson wrote:
>>
>> On Mon, 20 Aug 2007, sam wrote:
>>
>>> I have installed AUDIT
>>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html
>>>
>>> # praudit /etc/auditpipe | grep "xxx"
>>> &
>>> # praudit /etc/auditpipe | tee file.log
>>> &
>>> # praudit /etc/auditpipe > file.log
>>>
>>> This does not work.
>>> Please help me.
>>
>> Vladimir,
>>
>> Could you confirm that when you typed the command, you entered it  
>> as above instead of using /dev/auditpipe, the actual name of the  
>> audit device?  I think all the examples in the Handbook are  
>> correct, suggesting a transcription error either when you typed  
>> the command, or when you copied it to the e-mail.  If that's not  
>> it, could you be more specific about the failure mode?
>>
>> Robert N M Watson
>> Computer Laboratory
>> University of Cambridge
>>
> Sorry,
> my problem is in the pipe buffer:
> # praudit -l /dev/auditpipe | tee file.log
>
> The pipe buffer needs to fill completely (4096 bytes); only after that
> is data forwarded to STDOUT & file.log.
> Please help me forward data without the pipe buffer.

Try the --line-buffered option to grep.  I've had a lot of luck with  
it.  Something like the following may work for you:

# praudit /dev/auditpipe | grep --line-buffered -e "xxx"

If you just want to pipe to a file, use something like:

# praudit /dev/auditpipe | grep --line-buffered -e "$" >> file.log

HTH
-----
Eric F Crist
Secure Computing Networks
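
Added example, not part of the original message: a small shell script that shows what `--line-buffered` changes at the grep stage when its output goes to a log file. `emit_records` is a constructed stand-in for `praudit` that writes each line to the pipe immediately, and the function names and sample records are hypothetical; the script exercises grep's own output buffering only.

```shell
#!/bin/sh
# Constructed stand-in for praudit: one audit-like record, a pause, then two more.
# printf is a shell builtin, so every line is written to the pipe at once.
emit_records() {
    printf 'header,login,uid=1001 xxx\n'
    sleep "$1"
    printf 'header,open,uid=0\n'
    printf 'header,exec,uid=1001 xxx\n'
}

# Pipe the records through grep into a log file and print how many lines
# are already in the log while the producer is still paused.
#   $1 = extra grep option ("" or --line-buffered)
#   $2 = log file
lines_seen_midstream() {
    opt=$1
    log=$2
    : > "$log"
    # $opt is left unquoted so that an empty value expands to nothing
    emit_records 2 | grep $opt -e 'xxx' >> "$log" &
    pid=$!
    sleep 1                      # producer is in the middle of its pause
    seen=$(wc -l < "$log" | tr -d ' ')
    wait "$pid"                  # grep exits once the producer closes the pipe
    echo "$seen"
}

# Number of lines in the log once the pipeline has finished.
final_lines() {
    wc -l < "$1" | tr -d ' '
}

log=$(mktemp)
echo "default grep:    $(lines_seen_midstream '' "$log") line(s) in log mid-stream"
echo "--line-buffered: $(lines_seen_midstream --line-buffered "$log") line(s) in log mid-stream"
echo "after exit:      $(final_lines "$log") line(s)"
rm -f "$log"
```

Both runs end with the same two matching lines in the log; the difference is that without the option the first match stays in grep's buffer until grep exits.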



