ausearch and terminal
Vadym Chepkov
chepkov at yahoo.com
Fri Jul 31 12:55:24 UTC 2009
I figured it out, apparently you have to add switch --input-logs, when you run it from cron. Don't ask me why, I am puzzled myself.
Sincerely yours,
Vadym Chepkov
--- On Fri, 7/31/09, Daniel J Walsh <dwalsh at redhat.com> wrote:
> From: Daniel J Walsh <dwalsh at redhat.com>
> Subject: Re: ausearch and terminal
> To: "Vadym Chepkov" <chepkov at yahoo.com>
> Cc: "Fedora SELinux" <fedora-selinux-list at redhat.com>
> Date: Friday, July 31, 2009, 8:42 AM
> On 07/30/2009 10:38 PM, Vadym Chepkov
> wrote:
> > Hi,
> >
> > I observe a very strange behavior of the ausearch
> utility.
> > audit-1.7.7-6.el5_3.3
> >
> > # cat /root/bin/autest.sh
> > /sbin/ausearch -m avc| wc -l
> >
> > If I run it, I get expected results:
> >
> > # /root/bin/autest.sh
> > 1563
> >
> > But if I run it from cron, I get this in e-mail:
> >
> > <no matches>
> > 0
> >
> > Why??
> >
> > Sincerely yours,
> > Vadym Chepkov
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> Is cron being denied the ability to read the
> audit.log? Look for an AVC.
>
More information about the fedora-selinux-list
mailing list