ausearch & aureport fail from cron

Dean DeFreitas dean at DeFreitas.net
Fri Jun 1 18:54:18 UTC 2012


Steve,

Thank you for the reply. I appreciate your time. There was some weird
line wrap on my 3 examples, but I did try that in my second example. I
would not have posted for help if I hadn't exhausted all other attempts.

regards,
Dean


/sbin/ausearch -if /var/log/audit/audit.log  -ts 05/29/2012 00:00:00 -te 05/29/2012 23:59:59 > somefile.txt 

/sbin/ausearch --input-logs -ts 05/29/2012 00:00:00 -te 05/29/2012 23:59:59 > somefile.txt 

cat /var/log/audit/audit.log | /sbin/ausearch -ts 05/29/2012 00:00:00 -te 05/29/2012 23:59:59 > somefile.txt



On 06/01/2012 07:16 AM, Steve Grubb wrote:
> On Wednesday, May 30, 2012 10:34:14 AM dean at defreitas.net wrote:
>>  I am using RHEL 5.8 (upgraded from 5.7) and I can not get these reporting
>> tools to work from cron. I have tried many variations to no avail:
>>
>> /sbin/ausearch -if /var/log/audit/audit.log  -ts 05/29/2012 00:00:00 -te
>> 05/29/2012 23:59:59 > somefile.txt /sbin/ausearch --input-logs -ts
>> 05/29/2012 00:00:00 -te 05/29/2012 23:59:59 > somefile.txt cat
>> /var/log/audit/audit.log | /sbin/ausearch -ts 05/29/2012 00:00:00 -te
>> 05/29/2012 23:59:59 > somefile.txt
>>
>> Each of those works from the command line and in a script, but fails when the
>> script is run from cron.
> You need to pass the "--input-logs" command line option to force it to look at 
> the logs instead of stdin.
>
> -Steve
>
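
A cron wrapper along the lines of Steve's advice, added here as an example and not code from either poster: it passes `--input-logs`, detaches stdin, and records what kind of stdin cron supplied plus ausearch's exit status, so a job that produces nothing still leaves evidence. The function names, the `AUSEARCH` override and the output paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The AUSEARCH override, the function
# names and the output paths are assumptions for illustration.
AUSEARCH="${AUSEARCH:-/sbin/ausearch}"

# Report what file descriptor 0 is, so the job log shows what cron supplied.
stdin_kind() {
    if [ -t 0 ]; then
        echo tty
    elif [ -p /dev/stdin ]; then
        echo pipe
    else
        echo other
    fi
}

# run_report MM/DD/YYYY OUTFILE
# Writes the events for one day to OUTFILE and diagnostics to OUTFILE.log.
run_report() {
    day="$1"
    out="$2"
    rc=0
    echo "$(date '+%F %T') stdin=$(stdin_kind) day=$day" >> "$out.log"
    # --input-logs makes ausearch read the audit logs instead of stdin;
    # redirecting stdin from /dev/null is an extra precaution.
    "$AUSEARCH" --input-logs -ts "$day" 00:00:00 -te "$day" 23:59:59 \
        > "$out" 2>> "$out.log" < /dev/null || rc=$?
    echo "ausearch exit=$rc bytes=$(wc -c < "$out")" >> "$out.log"
    return "$rc"
}

# Hypothetical crontab entry (script path is an assumption):
# 5 0 * * * /usr/local/sbin/audit-daily.sh --run 05/29/2012 /var/tmp/audit.txt
if [ "${1:-}" = "--run" ]; then
    run_report "$2" "$3"
fi
```

Use an absolute path for OUTFILE, since cron starts the job in the user's home directory rather than where the script lives.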



