From mboxrd@z Thu Jan  1 00:00:00 1970
From: LC Bruzenak <lenny@magitekltd.com>
Subject: Re: audisp resend question
Date: Thu, 04 Dec 2008 11:52:54 -0600
Message-ID: <1228413174.14768.198.camel@homeserver>
References: <1228411289.14768.187.camel@homeserver>
	<200812041242.22792.sgrubb@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id mB4Hr94U023553
	for <linux-audit@redhat.com>; Thu, 4 Dec 2008 12:53:09 -0500
Received: from mail.magitekltd.com (rrcs-24-242-137-197.sw.biz.rr.com
	[24.242.137.197])
	by mx3.redhat.com (8.13.8/8.13.8) with ESMTP id mB4HqsFJ017166
	for <linux-audit@redhat.com>; Thu, 4 Dec 2008 12:52:55 -0500
Received: from [24.242.137.194] (helo=[192.168.30.40])
	by mail.magitekltd.com with esmtpsa
	(TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63)
	(envelope-from <lenny@magitekltd.com>) id 1L8INX-0008B7-5y
	for linux-audit@redhat.com; Thu, 04 Dec 2008 11:52:43 -0600
In-Reply-To: <200812041242.22792.sgrubb@redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Linux Audit <linux-audit@redhat.com>
List-Id: linux-audit@redhat.com

On Thu, 2008-12-04 at 12:42 -0500, Steve Grubb wrote:
> On Thursday 04 December 2008 12:21:29 LC Bruzenak wrote:
...
> 
> > How can I try to resend the events to the collector?
> 
> All audisp plugins take their data from stdin. You can pipe the raw output of 
> ausearch into audisp-remote and it should do the right thing.

OK, works for me...the last sent message on the collector is
identifiable, but do timestamps (with full precision) work as input to
the "-ts" switch? 

I don't know how to remove duplicates (probably not be an issue anyway).

Thx,
LCB.

-- 
LC (Lenny) Bruzenak
lenny@magitekltd.com