Date: Tue, 21 Aug 2007 08:25:21 -0500 From: Eric Crist <mnslinky@gmail.com> To: sam <samflanker@gmail.com> Cc: freebsd-hackers@freebsd.org, Robert Watson <rwatson@FreeBSD.org> Subject: Re: work praudit with tee & grep Message-ID: <80FA5D23-FA4E-4D1D-87E8-B06E4931C48D@gmail.com> In-Reply-To: <46CAE6C7.5060706@gmail.com> References: <46C9528D.8010201@gmail.com> <20070821123943.N50579@fledge.watson.org> <46CADFF9.2000700@gmail.com> <C48660DC-BD8A-4D38-A0BC-4707921E4799@gmail.com> <46CAE6C7.5060706@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Aug 21, 2007, at 8:21 AMAug 21, 2007, sam wrote: > Eric Crist wrote: >> On Aug 21, 2007, at 7:52 AMAug 21, 2007, sam wrote: >> >>> Robert Watson wrote: >>>> >>>> On Mon, 20 Aug 2007, sam wrote: >>>> >>>>> I am installed AUDIT >>>>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ >>>>> audit.html >>>>> >>>>> # praudit /etc/auditpipe | grep "xxx" >>>>> & >>>>> # praudit /etc/auditpipe | tee file.log >>>>> & >>>>> # praudit /etc/auditpipe > file.log >>>>> >>>>> this is not work >>>>> please help me >>>> >>>> Vladimir, >>>> >>>> Could you confirm that when you typed the command, you entered >>>> it as above instead of using /dev/auditpipe, the actual name of >>>> the audit device? I think all the examples in the Handbook are >>>> correct, suggesting a transcription error either when you typed >>>> the command, or when you copied it to the e-mail. If that's not >>>> it, could you be more specific about the failure mode? >>>> >>>> Robert N M Watson >>>> Computer Laboratory >>>> University of Cambridge >>>> >>> sorry >>> my problem in buffer-pipe >>> # praudit -l /dev/auditpipe | tee file.log >>> >>> need full load in buffer-pipe (4096 bytes), after data forward to >>> STDOUT & file.log >>> please help me data forward without buffer-pipe ?? >> >> Try the --line-buffered option to grep. I've had a lot of luck >> with it. Something like the following may work for you: >> >> # praudit /etc/auditpipe | grep --line-buffered -e "xxx" >> >> If you just want to pipe to a file, use something like: >> >> # praudit /etc/auditpipe | grep --line-buffered -e "$" >> file.log >> >> HTH >> ----- >> Eric F Crist >> Secure Computing Networks >> >> >> > thx > this not working > wite up buffer-pipe to 4096 bytes > Can I ask what is in the /etc/auditpipe file? ----- Eric F Crist Secure Computing Networks
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?80FA5D23-FA4E-4D1D-87E8-B06E4931C48D>