From owner-freebsd-hackers@FreeBSD.ORG Tue Aug 21 13:21:28 2007 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3D2F316A421 for ; Tue, 21 Aug 2007 13:21:28 +0000 (UTC) (envelope-from samflanker@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.191]) by mx1.freebsd.org (Postfix) with ESMTP id A31B813C458 for ; Tue, 21 Aug 2007 13:21:27 +0000 (UTC) (envelope-from samflanker@gmail.com) Received: by nf-out-0910.google.com with SMTP id b2so944559nfb for ; Tue, 21 Aug 2007 06:21:26 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=LED4WozKrG+G38ikaJjfgw0eXR3BQOWFSHT3decXv6zzTDzjSUEvAMWxcvrdrhKsfmGWCgqeDp7DnSuHYV5q2rxoIwzBCzDJ71Ar+ABe0+zHNK6OfJtBTcgCXr1aKQsisuEuZ/eG6u2hX8hPQwMAvpDHlD1CNOobQdFwAQdIwlo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=Qeq6N9BLNmXEctlX4b1qWjE3/dqS+t2E0bk6x8AlDZyF3qQXBYavUc6l7Zg2Z/hZvqzkw/fDS7xZG8jsbl3w0Hc+oYpyTJyBak8d1DSzkCM7geghRHHreOByAPAhZUmHcXF5hOoJ8fGgaW+LIWLlLGBmgT7fMO2gxIP+H6xlNlM= Received: by 10.86.81.8 with SMTP id e8mr5419504fgb.1187702486207; Tue, 21 Aug 2007 06:21:26 -0700 (PDT) Received: from ?192.168.1.185? ( [213.152.137.35]) by mx.google.com with ESMTPS id k29sm11872657fkk.2007.08.21.06.21.24 (version=SSLv3 cipher=RC4-MD5); Tue, 21 Aug 2007 06:21:25 -0700 (PDT) Message-ID: <46CAE6C7.5060706@gmail.com> Date: Tue, 21 Aug 2007 17:21:11 +0400 From: sam User-Agent: Thunderbird 2.0.0.4 (Windows/20070604) MIME-Version: 1.0 To: Eric Crist References: <46C9528D.8010201@gmail.com> <20070821123943.N50579@fledge.watson.org> <46CADFF9.2000700@gmail.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-hackers@freebsd.org, Robert Watson Subject: Re: work praudit with tee & grep X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Aug 2007 13:21:28 -0000 Eric Crist wrote: > On Aug 21, 2007, at 7:52 AMAug 21, 2007, sam wrote: > >> Robert Watson wrote: >>> >>> On Mon, 20 Aug 2007, sam wrote: >>> >>>> I am installed AUDIT >>>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html >>>> >>>> # praudit /etc/auditpipe | grep "xxx" >>>> & >>>> # praudit /etc/auditpipe | tee file.log >>>> & >>>> # praudit /etc/auditpipe > file.log >>>> >>>> this is not work >>>> please help me >>> >>> Vladimir, >>> >>> Could you confirm that when you typed the command, you entered it as >>> above instead of using /dev/auditpipe, the actual name of the audit >>> device? I think all the examples in the Handbook are correct, >>> suggesting a transcription error either when you typed the command, >>> or when you copied it to the e-mail. If that's not it, could you be >>> more specific about the failure mode? >>> >>> Robert N M Watson >>> Computer Laboratory >>> University of Cambridge >>> >> sorry >> my problem in buffer-pipe >> # praudit -l /dev/auditpipe | tee file.log >> >> need full load in buffer-pipe (4096 bytes), after data forward to >> STDOUT & file.log >> please help me data forward without buffer-pipe ?? > > Try the --line-buffered option to grep. I've had a lot of luck with > it. Something like the following may work for you: > > # praudit /etc/auditpipe | grep --line-buffered -e "xxx" > > If you just want to pipe to a file, use something like: > > # praudit /etc/auditpipe | grep --line-buffered -e "$" >> file.log > > HTH > ----- > Eric F Crist > Secure Computing Networks > > > thx this not working wite up buffer-pipe to 4096 bytes