buffer space
Norman Mark St. Laurent
mstlaurent at conceras.com
Mon Aug 17 18:46:30 UTC 2009
Depending on whether you are using logrotate.d/audit and how it numbers the
files as it rotates...
audit.log.1.gz
audit.log.2.gz
...
audit.log.89.gz
audit.log.90.gz
The sort below will put the list in exact order....
zcat `ls /var/log/audit/*.gz | sort -t. --key=3,3n` | ausearch -i
Thank you Steve...
Norman Mark St. Laurent
Conceras | Chief Technology Officer and ISSE
Web: http://www.conceras.com
Connect. Collaborate. Conceras.
LC Bruzenak wrote:
> On Mon, 2009-08-17 at 14:01 -0400, Steve Grubb wrote:
>
>>> It's a problem for me too.
>>> I was thinking about just patching the ausearch code to behave as
>>> desired...but hoping Steve beat me to it so there was a greatly reduced
>>> chance of bad code...
>>>
>> #cat `ls /var/log/audit/a* | sort -r` | ausearch -i
>> #cat `ls /var/log/audit/a* | sort -r` | aureport
>>
>> cat can open more than one file at a time,
>>
>> -Steve
>>
>
> Told you so!
> :)
>
> LCB.
>
>
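An added example, not code from any of the posts above: one way to feed rotated audit logs to ausearch in chronological order when compressed and uncompressed rotations are mixed. The function names are hypothetical, and it assumes logrotate-style names (audit.log, audit.log.N, audit.log.N.gz) where a higher N is an older file.

```shell
#!/bin/sh
# Added example: helper names and the directory argument are hypothetical.

# Print rotated audit logs oldest first, one path per line.
# Assumption: higher rotation number = older file; audit.log is the live log.
audit_logs_oldest_first() {
    dir=${1:-/var/log/audit}
    for f in "$dir"/audit.log.*; do
        [ -e "$f" ] || continue
        n=${f##*/audit.log.}          # "90.gz" or "90"
        n=${n%.gz}
        case $n in
            ''|*[!0-9]*) continue ;;  # skip suffixes that are not purely numeric
        esac
        printf '%s\t%s\n' "$n" "$f"   # rotation number, then path
    done | sort -k1,1nr | cut -f2-    # numeric, descending: 90, 89, ..., 2, 1
    # The live log holds the newest records, so it goes last.
    [ -e "$dir/audit.log" ] && printf '%s\n' "$dir/audit.log"
    return 0
}

# Concatenate the logs in that order, decompressing .gz files on the way.
audit_stream() {
    audit_logs_oldest_first "$1" | while IFS= read -r f; do
        case $f in
            *.gz) gzip -dc -- "$f" ;;
            *)    cat -- "$f" ;;
        esac
    done
}

# Usage, following the pipelines in the thread:
#   audit_stream /var/log/audit | ausearch -i
#   audit_stream /var/log/audit | aureport
```

Sorting on the extracted number avoids the lexical ordering problem where audit.log.10.gz lands between audit.log.1.gz and audit.log.2.gz.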