From owner-freebsd-hackers@FreeBSD.ORG Tue Aug 21 13:26:49 2007 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DC4EA16A418 for ; Tue, 21 Aug 2007 13:26:49 +0000 (UTC) (envelope-from mnslinky@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.177]) by mx1.freebsd.org (Postfix) with ESMTP id 743F713C480 for ; Tue, 21 Aug 2007 13:26:49 +0000 (UTC) (envelope-from mnslinky@gmail.com) Received: by py-out-1112.google.com with SMTP id u77so2688378pyb for ; Tue, 21 Aug 2007 06:26:47 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:in-reply-to:references:mime-version:content-type:message-id:cc:content-transfer-encoding:from:subject:date:to:x-mailer; b=s1kaAkNiS/EVV721vbgOuA7sDiSCfCvUcqRBRgpUUxTPfJ0I66XbKd+tf5nkVDanrolpWHS41WdW/G8/4TF8PtBbV5lYD3gZVrlJUmempMasiiBVAE98mIFIoS8qoS5tMJ1ffAfVTJsJl0AUMadClCucQ+DOwwKbRIDcDCv+XSw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:in-reply-to:references:mime-version:content-type:message-id:cc:content-transfer-encoding:from:subject:date:to:x-mailer; b=WgdW9BhOd+vwWBAOGC+5eZJuSD5cpkOED6s4NyItvcAKyRXvD+a+ulBg825wpI3ACkXYPEJCPUrLhe91Eh9eEIHt47p8Sk2Sb5S66xergwLXNya7kGIZEAwxCshfarGcxson/NCXu8p8MqIDUFNQzZzQRqEB8I4TB/9UJmC7Zro= Received: by 10.35.41.8 with SMTP id t8mr8791681pyj.1187701111499; Tue, 21 Aug 2007 05:58:31 -0700 (PDT) Received: from ?192.168.1.3? ( [209.240.66.157]) by mx.google.com with ESMTPS id u2sm10278259pyb.2007.08.21.05.58.29 (version=SSLv3 cipher=OTHER); Tue, 21 Aug 2007 05:58:29 -0700 (PDT) In-Reply-To: <46CADFF9.2000700@gmail.com> References: <46C9528D.8010201@gmail.com> <20070821123943.N50579@fledge.watson.org> <46CADFF9.2000700@gmail.com> Mime-Version: 1.0 (Apple Message framework v752.3) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: 7bit From: Eric Crist Date: Tue, 21 Aug 2007 07:58:22 -0500 To: sam X-Mailer: Apple Mail (2.752.3) Cc: freebsd-hackers@freebsd.org, Robert Watson Subject: Re: work praudit with tee & grep X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Aug 2007 13:26:49 -0000 On Aug 21, 2007, at 7:52 AMAug 21, 2007, sam wrote: > Robert Watson wrote: >> >> On Mon, 20 Aug 2007, sam wrote: >> >>> I am installed AUDIT >>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html >>> >>> # praudit /etc/auditpipe | grep "xxx" >>> & >>> # praudit /etc/auditpipe | tee file.log >>> & >>> # praudit /etc/auditpipe > file.log >>> >>> this is not work >>> please help me >> >> Vladimir, >> >> Could you confirm that when you typed the command, you entered it >> as above instead of using /dev/auditpipe, the actual name of the >> audit device? I think all the examples in the Handbook are >> correct, suggesting a transcription error either when you typed >> the command, or when you copied it to the e-mail. If that's not >> it, could you be more specific about the failure mode? >> >> Robert N M Watson >> Computer Laboratory >> University of Cambridge >> > sorry > my problem in buffer-pipe > # praudit -l /dev/auditpipe | tee file.log > > need full load in buffer-pipe (4096 bytes), after data forward to > STDOUT & file.log > please help me data forward without buffer-pipe ?? Try the --line-buffered option to grep. I've had a lot of luck with it. Something like the following may work for you: # praudit /etc/auditpipe | grep --line-buffered -e "xxx" If you just want to pipe to a file, use something like: # praudit /etc/auditpipe | grep --line-buffered -e "$" >> file.log HTH ----- Eric F Crist Secure Computing Networks