audit (OpenBSM) & cat

Fri Feb 8 02:48:20 PST 2008

hi all

description of trouble situation on system FreeBSD 6.3-RELEASE i386:

open 2 putty console on remote server

console1:
# cat /dev/auditpipe | praudit -l

console2:
# cat >> /var/log/audit_cat.data

console1 (output message):
# cat /dev/auditpipe | praudit -l
header,168,10,open(2) - write,creat,0,Fri Feb  8 12:59:34 2008, + 309 
msec,argument,3,0x1b6,mode,argument,2,0x209,flags,path,/var/log/audit_cat.data,attribute,644,root,admin,72,2732063,10952279,subject,venom,root,wheel,root,wheel,44255,41955,1647,192.168.1.26,return,success,4,trailer,168,

after 30 seconds

console2 (cat waiting user input & user typing message & pusshing 
'Ctrl+d' for deattach ):
# cat >> /var/log/audit_cat.data
abracadabra_message
#

console1 (don`t output message on user action 'adding string 
"abracadabra_message" & deattach'):
# cat /dev/auditpipe | praudit -l
header,168,10,open(2) - write,creat,0,Fri Feb  8 12:59:34 2008, + 309 
msec,argument,3,0x1b6,mode,argument,2,0x209,flags,path,/var/log/audit_cat.data,attribute,644,root,admin,72,2732063,10952279,subject,venom,root,wheel,root,wheel,44255,41955,1647,192.168.1.26,return,success,4,trailer,168,

/dev/auditpipe output data on moment create file descriptor, but don`t 
output message after adding string in file and close file

any solution?

/Vladimir Ermakov