From: Eric Crist
Date: Tue, 21 Aug 2007 08:25:21 -0500
To: sam
Cc: freebsd-hackers@freebsd.org, Robert Watson
Subject: Re: work praudit with tee & grep

On Aug 21, 2007, at 8:21 AM, sam wrote:

> Eric Crist wrote:
>> On Aug 21, 2007, at 7:52 AM, sam wrote:
>>
>>> Robert Watson wrote:
>>>>
>>>> On Mon, 20 Aug 2007, sam wrote:
>>>>
>>>>> I have installed AUDIT
>>>>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html
>>>>>
>>>>> # praudit /etc/auditpipe | grep "xxx"
>>>>> &
>>>>> # praudit /etc/auditpipe | tee file.log
>>>>> &
>>>>> # praudit /etc/auditpipe > file.log
>>>>>
>>>>> this does not work
>>>>> please help me
>>>>
>>>> Vladimir,
>>>>
>>>> Could you confirm that when you typed the command, you entered
>>>> it as above instead of using /dev/auditpipe, the actual name of
>>>> the audit device? I think all the examples in the Handbook are
>>>> correct, suggesting a transcription error either when you typed
>>>> the command, or when you copied it to the e-mail. If that's not
>>>> it, could you be more specific about the failure mode?
>>>>
>>>> Robert N M Watson
>>>> Computer Laboratory
>>>> University of Cambridge
>>>>
>>> sorry
>>> my problem is in buffer-pipe
>>> # praudit -l /dev/auditpipe | tee file.log
>>>
>>> need full load in buffer-pipe (4096 bytes), after data forward to
>>> STDOUT & file.log
>>> please help me data forward without buffer-pipe ??
>>
>> Try the --line-buffered option to grep. I've had a lot of luck
>> with it. Something like the following may work for you:
>>
>> # praudit /etc/auditpipe | grep --line-buffered -e "xxx"
>>
>> If you just want to pipe to a file, use something like:
>>
>> # praudit /etc/auditpipe | grep --line-buffered -e "$" >> file.log
>>
>> HTH
>> -----
>> Eric F Crist
>> Secure Computing Networks
>>
>>
>>
> thx
> this is not working
> wite up buffer-pipe to 4096 bytes
>

Can I ask what is in the /etc/auditpipe file?

-----
Eric F Crist
Secure Computing Networks
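
An added illustration, not part of the thread and not praudit's code: the stall reported above (nothing reaches tee or grep until 4096 bytes accumulate) is what a writer using default stdio buffering on a pipe produces, and it happens in the writer, before any downstream filter receives a byte. The program assumes praudit writes through stdio; `record_visible()` and the sample record are hypothetical, constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample line, far shorter than a stdio buffer. */
static const char RECORD[] =
    "header,56,11,audit startup,0,Tue Aug 21 08:25:21 2007\n";

/* Fork a writer that emits RECORD into a pipe through a stdio stream using
 * the given buffering mode (_IOFBF or _IOLBF), then blocks as if waiting for
 * the next audit event. Returns 1 if the reader sees the record within
 * timeout_ms, 0 if it is still held in the writer, -1 on error. */
int record_visible(int mode, int timeout_ms)
{
    int fds[2];
    if (pipe(fds) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (pid == 0) {                       /* writer: stands in for praudit */
        close(fds[0]);
        FILE *out = fdopen(fds[1], "w");  /* a pipe defaults to _IOFBF */
        if (out == NULL || setvbuf(out, NULL, mode, 0) != 0)
            _exit(1);
        fputs(RECORD, out);               /* no fflush(), no exit */
        pause();
        _exit(0);
    }
    close(fds[1]);                        /* reader: stands in for tee/grep */
    struct pollfd p = { .fd = fds[0], .events = POLLIN };
    int ready = poll(&p, 1, timeout_ms);
    kill(pid, SIGKILL);                   /* unflushed bytes die with the writer */
    waitpid(pid, NULL, 0);
    close(fds[0]);
    return ready < 0 ? -1 : (p.revents & POLLIN) != 0;
}

int main(void)
{
    printf("fully buffered writer: visible=%d\n", record_visible(_IOFBF, 300));
    printf("line buffered writer:  visible=%d\n", record_visible(_IOLBF, 2000));
    return 0;
}
```

For an audit trail this matters beyond latency: records still sitting in the writer's buffer are lost if the process is killed, as the SIGKILL in the example shows.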