Support Home Communities Home   Search Today's Posts Mark Forums Read

 
 
LinkBack Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 11-Mar-2009, 11:31 PM
Member
  
Join Date: Mar 2008
Location: Santa Barbara, CA
Posts: 63
novadean 0 reputation points
Default apparmor and ausearch
It appears that when piping apparmor events from /var/log/audit/audit.log into ausearch some events get lost.

I'm using this command:

/usr/bin/cat /var/log/audit/audit.log | /sbin/ausearch -i -if /dev/stdin

It seems to truncate the message however:

For example raw format of the audit.log contains this entry:

type=APPARMOR msg=audit(1236830026.790:1976): PERMITTING attribute (mode,ctime,) change to /root/Desktop/testfile.txt (chmod(16497) profile bin/chmod active /bin/chmod)

Piping through ausearch gives:
type=APPARMOR msg=audit(03/11/09 20:53:46.790:1975)

Any ideas to make ausearch stop truncating the message?
Reply With Quote
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -6. The time now is 09:30 AM.
Contact Us - NOVELL FORUMS - Archive - Privacy Statement - Top

© 2007 Novell, Inc. All Rights Reserved.

Search Engine Friendly URLs by vBSEO 3.3.0 RC2