Problems with command args
Jure Simsic
jure.simsic at gmail.com
Fri Sep 17 07:27:41 UTC 2010
On Thu, Sep 16, 2010 at 7:03 PM, Smith, Gary R <gary.smith at pnl.gov> wrote:
> Hi Jure,
>
> Presuming you’ve captured the audit records you’re interested in a file
> named snorf, you could do something like this:
>
> cat snorf | awk -F\= '{print $8 "0A"}' | xxd -r -p
>
> In the example you had in the email, arg4 turns out to be:
> strbegins(thread_id,"thread_id=2369892f")
>
Thanks a lot Gary
This is exactly what I need =))
Jure
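
A field-aware variant of the decode described in the quoted reply, written in Python as an added example rather than code from the thread: it decodes every aN= argument of an EXECVE record instead of relying on the eighth "="-separated field. The sample record, its placeholder arguments a0 to a3 and the function names are constructed for illustration.

```python
import re

# Constructed sample record (not from the thread). a4 carries the hex form of
# the string decoded in the reply above; a0..a3 are placeholder arguments.
PLAIN = 'strbegins(thread_id,"thread_id=2369892f")'
SAMPLE = ('type=EXECVE msg=audit(1284650000.000:100): argc=5 a0="cmd" '
          'a1="-x" a2="one" a3="two" a4=' + PLAIN.encode().hex().upper())

# aN="literal" or aN=HEX; the audit subsystem hex-encodes values that contain
# spaces, double quotes or non-printable bytes and leaves the rest quoted.
ARG_RE = re.compile(r'\ba(\d+)=(?:"([^"]*)"|([0-9A-Fa-f]+)(?=\s|$))')


def printable(text):
    """Escape non-printable characters so decoded arguments cannot send
    control sequences to the analyst's terminal."""
    return ''.join(c if c.isprintable() else repr(c)[1:-1] for c in text)


def decode_execve_args(record):
    """Return {index: text} for every aN= field of one EXECVE record."""
    args = {}
    for m in ARG_RE.finditer(record):
        idx, quoted, hexed = int(m.group(1)), m.group(2), m.group(3)
        if quoted is not None:
            args[idx] = quoted                      # stored literally
        elif len(hexed) % 2 == 0:
            raw = bytes.fromhex(hexed)
            args[idx] = printable(raw.decode('utf-8', 'backslashreplace'))
        else:
            args[idx] = hexed                       # odd length: not hex data
    return args


if __name__ == '__main__':
    for idx, value in sorted(decode_execve_args(SAMPLE).items()):
        print(f'a{idx} = {value}')
```

Unlike piping the raw bytes through xxd, the decoded text is escaped before printing, so an argument containing control characters shows up as visible escapes.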