On Tue, 2007-01-30 at 09:49 -0500, Karl MacMillan wrote:
> Steve Grubb wrote:
> > ausearch -m all --raw | grep anything you want
> tail -f happens to be my favorite counter example, but I am certain
> there are other useful tricks for monitoring logs that will break. Not
> to mention the number of log monitoring and aggregation tools that
> assume text logs.
To be fair, the new audit dispatcher already has a plugin that does the
same thing as "tail -f" without needing to call stat(), and that'll be
released before auditd has binary logs ... although one could certainly
argue that it's not as obvious, it seems like a small price.
--
James Antill <jantill(a)redhat.com>
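The kind of text-log tooling the thread is arguing over, as an added example that is not code from the audit package or from anyone in this thread: a small Python script that parses auditd's text record format (`type=... msg=audit(timestamp:serial): key=value ...`), filters records the way `ausearch --raw | grep` does, joins AVC denials to the SYSCALL record of the same event by serial number, and follows a growing log file the way `tail -f` does by remembering a byte offset and leaving a half-written trailing record for the next read. The sample records, the temp file standing in for audit.log, and all function names are constructed for this example; a binary log format would break every step of it, which is the trade-off the message discusses.

```python
# Added example (not code from the audit package): grep-style filtering, event
# correlation and tail -f style following over auditd's *text* record format.
import os
import re
import tempfile
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample records; the values are illustrative, not from a real host.
SAMPLE_LOG = (
    'type=SYSCALL msg=audit(1170168000.123:456): arch=c000003e syscall=2 '
    'success=no exit=-13 a0=7fffd0c0 comm="cat" exe="/bin/cat" '
    'subj=user_u:user_r:user_t:s0 key="shadow-access"\n'
    'type=AVC msg=audit(1170168000.123:456): avc:  denied  { read } for  '
    'pid=1234 comm="cat" name="shadow" dev=sda1 ino=5678 '
    'scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file\n'
    'type=USER_LOGIN msg=audit(1170168100.001:457): user pid=2345 uid=0 auid=500 '
    'msg=\'op=login acct="alice" exe="/usr/sbin/sshd" res=success\'\n'
)
# Appended later by the daemon (constructed), plus a partial record still being written.
LATER_LINE = ('type=USER_LOGIN msg=audit(1170168200.500:458): user pid=3456 uid=0 '
              'auid=501 msg=\'op=login acct="bob" exe="/usr/sbin/sshd" res=failed\'\n')
PARTIAL_LINE = "type=AVC msg=audit(1170168300.0"

# Every record starts with type=..., msg=audit(timestamp:serial): and then a body.
RECORD_RE = re.compile(r"^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$")
# Body key=value pairs: values may be bare, double-quoted or single-quoted.
KV_RE = re.compile(r"(\w+)=(\"[^\"]*\"|'[^']*'|\S+)")
PERM_RE = re.compile(r"\{\s*([^}]*?)\s*\}")  # the "{ read }" part of an AVC record


def parse_record(line: str) -> Optional[Dict[str, str]]:
    """One text audit line -> dict of fields; None for lines that are not records."""
    m = RECORD_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = {"type": m.group("type"), "ts": m.group("ts"), "serial": m.group("serial"), "raw": m.group("body")}
    for key, val in KV_RE.findall(m.group("body")):
        rec.setdefault(key, val.strip("\"'"))  # header fields win over body fields
    return rec


def grep_records(lines: Iterable[str], **criteria: str) -> List[Dict[str, str]]:
    """The grep half of 'ausearch --raw | grep': records whose fields match every criterion."""
    return [r for r in map(parse_record, lines) if r and all(r.get(k) == v for k, v in criteria.items())]


def group_events(lines: Iterable[str]) -> Dict[str, List[Dict[str, str]]]:
    """Records sharing a serial number are one event (a SYSCALL plus its AVC records, etc.)."""
    events: Dict[str, List[Dict[str, str]]] = {}
    for line in lines:
        rec = parse_record(line)
        if rec:
            events.setdefault(rec["serial"], []).append(rec)
    return events


def find_denials(lines: Iterable[str]) -> List[Dict[str, str]]:
    """AVC denials joined with the exe and audit key from the SYSCALL record of the same event."""
    denials = []
    for serial, recs in group_events(lines).items():
        syscall = next((r for r in recs if r["type"] == "SYSCALL"), {})
        for r in recs:
            if r["type"] != "AVC" or "denied" not in r["raw"]:
                continue
            perm = PERM_RE.search(r["raw"])
            denials.append({"serial": serial, "perm": perm.group(1) if perm else "",
                            "pid": r.get("pid", ""), "target": r.get("name", ""),
                            "tcontext": r.get("tcontext", ""),
                            "exe": syscall.get("exe", ""), "key": syscall.get("key", "")})
    return denials


def read_new_lines(path: str, offset: int) -> Tuple[List[str], int]:
    """tail -f style: complete lines appended since `offset`, and the offset to resume from."""
    with open(path, "rb") as fh:
        fh.seek(offset)
        data = fh.read()
    last_nl = data.rfind(b"\n")
    if last_nl < 0:
        return [], offset  # only a partial line so far; re-read it next time
    complete = data[: last_nl + 1]
    return complete.decode("utf-8", "replace").splitlines(), offset + len(complete)


def demo() -> Dict[str, object]:
    """Write the sample log to a temp file (stand-in for audit.log) and follow it across an append."""
    fd, path = tempfile.mkstemp(suffix=".log")
    os.close(fd)
    try:
        with open(path, "w") as fh:
            fh.write(SAMPLE_LOG)
        first, offset = read_new_lines(path, 0)
        with open(path, "a") as fh:
            fh.write(LATER_LINE + PARTIAL_LINE)
        second, offset = read_new_lines(path, offset)
        return {"first": len(first), "second": len(second), "offset": offset,
                "denials": find_denials(first + second)}
    finally:
        os.remove(path)
```

`read_new_lines` deliberately returns only whole lines and hands back the offset of the last newline, so a record the daemon is still writing is re-read on the next call rather than parsed half-way; `grep_records(lines, comm="cat")` is the field-aware equivalent of piping `ausearch --raw` into `grep`, and `find_denials` does the serial-number join that `ausearch` performs when it prints a whole event.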