Re: buffer space
Depending if you are using logrotate.d/audit and how it numbers the
files as it rotates...
audit.log.1.gz
audit.log.2.gz
...
audit.log.89.gz
audit.log.90.gz
The sort below will but the list in exact order....
zcat `ls /var/log/audit/*.gz | sort -t. --key=3,2n` | ausearch -i
Thank u Steve...
Norman Mark St. Laurent
Conceras | Chief Technology Officer and ISSE
Web: http://www.conceras.com
Connect. Collaborate. Conceras.
LC Bruzenak wrote:
On Mon, 2009-08-17 at 14:01 -0400, Steve Grubb wrote:
>> It's a problem for me too.
>> I was thinking about just patching the ausearch code to behave as
>> desired...but hoping Steve beat me to it so there was a greatly
>>
> reduced
>
>> chance of bad code...
>>
> #cat `ls /var/log/audit/a* | sort -r` | ausearch -i
> #cat `ls /var/log/audit/a* | sort -r` | aureport
>
> cat can open more than one file at a time,
>
> -Steve
>
Told you so!
:)
LCB.