audit-viewer

[Dan Gruhn]

Greetings,

Miloslav Trmac wrote:
> Hello,
> ----- "Dan Gruhn" <Dan.Gruhn at groupw.com> wrote:
>   
>> I am getting this error when audit viewer starts:
>>
>> # audit-viewer
>> Error reading audit events: No such file or directory.
>>
>> Thinking that perhaps something is pointing to the wrong files, I 
>> attempted to use Window/Change event source.. . Then I get this:
>>     
> <snip>
>   
>>   File "/usr/local/share/audit-viewer/source_dialog.py", line 161, in
>>
>> __source_log_with_rotated_toggled
>>     self.source_log.set_active_iter(it)
>> TypeError: iter should be a GtkTreeIter
>>     
> This crash is a bug in audit-viewer, I'll fix it for the next release.
>   
I look forward to that.
> I'm not 100% sure, but I think the problem is caused by the fact that audit-viewer searches for audit logs in the --prefix subtree (as specified by configure). You can verify the used path by running (strings /your/prefix/libexec/audit-viewer-server-real |grep /log/audit); If it is not /var/log/audit, you'll need to rebuild audit-viewer, specifying --localstatedir=/var .
>   
You are right, the path was /usr/local/var/log/audit.  Once I recompiled 
with this change everything seems to be working.  Does this default of 
--prefix subree make sense in any situation?  I ask because perhaps a 
default of /var would more often produce the correct result.
> I'll document the necessity to use --localstatedir.
>
> Thank you,
>     Mirek
>   
Thank you for taking the time to lead me through all of this.  I think I 
am on my way now.

Dan