Hello every one.

My plugin now works well in the debug mode,I.E. using  cat log | ./audisp-example it works well

But it failed when I did not use the debug mode.

 

 

Here it's the code that I have changed.

 

/* This function shows how to dump a whole record's text */
static void dump_whole_record(auparse_state_t *au)
{
    FILE *out;
    if((out=fopen("./test.txt","a+"))!=NULL)/*打开源文件，读取数据*/
    {    
      fprintf(out,"%s: %s\n", audit_msg_type_to_name(auparse_get_type(au)),auparse_get_record_text(au));
      fclose(in); /*关文件*/
    }

  // printf("%s: %s\n", audit_msg_type_to_name(auparse_get_type(au)),auparse_get_record_text(au));
  //printf("\n");
}

 

 

In the debug mode I'm able to create a test.txt in the current direcory .And write the information into the test.txt

But when I copy the audisp-example to /sbin/,  and copy the configure file audisp-example.conf  to /etc//etc/audisp/plugins.d

restart the auditd, it didnot work.

 

Why?

Can anyone help

 

  Regards
                                                                         Jeedan
--
-----------------------------
陈洁丹   北京邮电大学软件学院
地 址：  北京邮电大学学二D12寝室
邮 编：  100876
Email:   jeedan.chen@gmail.com
---------------------------------
--
-----------------------------
陈洁丹   北京邮电大学软件学院
地 址：  北京邮电大学学二D12寝室
邮 编：  100876
Email:   jeedan.chen@gmail.com
---------------------------------