work praudit with tee & grep
sam
samflanker at gmail.com
Tue Aug 21 06:21:28 PDT 2007
Eric Crist wrote:
> On Aug 21, 2007, at 7:52 AMAug 21, 2007, sam wrote:
>
>> Robert Watson wrote:
>>>
>>> On Mon, 20 Aug 2007, sam wrote:
>>>
>>>> I am installed AUDIT
>>>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html
>>>>
>>>> # praudit /etc/auditpipe | grep "xxx"
>>>> &
>>>> # praudit /etc/auditpipe | tee file.log
>>>> &
>>>> # praudit /etc/auditpipe > file.log
>>>>
>>>> this is not work
>>>> please help me
>>>
>>> Vladimir,
>>>
>>> Could you confirm that when you typed the command, you entered it as
>>> above instead of using /dev/auditpipe, the actual name of the audit
>>> device? I think all the examples in the Handbook are correct,
>>> suggesting a transcription error either when you typed the command,
>>> or when you copied it to the e-mail. If that's not it, could you be
>>> more specific about the failure mode?
>>>
>>> Robert N M Watson
>>> Computer Laboratory
>>> University of Cambridge
>>>
>> sorry
>> my problem in buffer-pipe
>> # praudit -l /dev/auditpipe | tee file.log
>>
>> need full load in buffer-pipe (4096 bytes), after data forward to
>> STDOUT & file.log
>> please help me data forward without buffer-pipe ??
>
> Try the --line-buffered option to grep. I've had a lot of luck with
> it. Something like the following may work for you:
>
> # praudit /etc/auditpipe | grep --line-buffered -e "xxx"
>
> If you just want to pipe to a file, use something like:
>
> # praudit /etc/auditpipe | grep --line-buffered -e "$" >> file.log
>
> HTH
> -----
> Eric F Crist
> Secure Computing Networks
>
>
>
thx
this not working
wite up buffer-pipe to 4096 bytes
More information about the freebsd-hackers
mailing list