Output of aureport in columns

Patrick Synor PSynor at routeone.com
Fri Jul 13 13:27:12 UTC 2012


Is it possible that the output for these tools is not directed to STDOUT completely?  In which case you might have better luck redirecting output with something like 2>&1?

Just a thought...

-----Original Message-----
From: linux-audit-bounces at redhat.com [mailto:linux-audit-bounces at redhat.com] On Behalf Of Steve Grubb
Sent: Friday, July 13, 2012 9:23 AM
To: linux-audit at redhat.com
Subject: Re: Output of aureport in columns

On Thursday, July 12, 2012 04:26:25 PM Michael Mather wrote:
> Hi,
>
> I have managed to find an easy way to put the output of aureport into
> neat columns. For example:
>
> aureport -i -f | sed 's/=====/==== /g' | column -t
>
> However, if I combine this with ausearch, as in:
>
> ausearch -k ROOT |aureport -i -f | sed .....

Is this really the ausearch portion or did you omit some parameters for brevity?


> then some lines come out properly and some have extra data that shifts
> everything off. For example, here are two successive lines from the
> output. The first has 9 fields and the second 15:
>
> 311. 12-07-12 16:21:03 /proc/self/loginuid open yes /usr/bin/sudo mm 597
> 312. 12-07-12 16:21:03 (null) inode=970 dev=08:01 mode=0100755 ouid=0
> ogid=0 rdev=00:00 execve yes /sbin/aureport root 599
>
> What is happening?

Does it behave better if you add --raw to the ausearch portion?

-Steve

--
Linux-audit mailing list
Linux-audit at redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit