ausearch & aureport fail from cron

Steve Grubb sgrubb at redhat.com
Fri Jun 1 13:16:15 UTC 2012


On Wednesday, May 30, 2012 10:34:14 AM dean at defreitas.net wrote:
>  I am using RHEL 5.8 (upgraded from 5.7) and I can not get these reporting
> tools to work from cron. I have tried many variations to no avail:
> 
> /sbin/ausearch -if /var/log/audit/audit.log  -ts 05/29/2012 00:00:00 -te
> 05/29/2012 23:59:59 > somefile.txt /sbin/ausearch --input-logs -ts
> 05/29/2012 00:00:00 -te 05/29/2012 23:59:59 > somefile.txt cat
> /var/log/audit/audit.log | /sbin/ausearch -ts 05/29/2012 00:00:00 -te
> 05/29/2012 23:59:59 > somefile.txt
> 
> Each of those work from the command line and in a script, but fail when the
> script is run from cron.

You need to pass the "--input-logs" command line option to force it to look at 
the logs instead of stdin.

-Steve




More information about the Linux-audit mailing list