* watching files/directories with audit the contains turkish characters in file/directory name
@ 2006-06-06 13:29 Evren Kalayciklioglu
2006-06-08 13:43 ` Steve Grubb
0 siblings, 1 reply; 2+ messages in thread
From: Evren Kalayciklioglu @ 2006-06-06 13:29 UTC (permalink / raw)
To: linux audit
I want to monitor some specific file with audit. These
files' names mostly includes Turkish characters. When
i tried the program, for including Turkish characters,
log for these files is unreadable. I can change all
these files' names but my boss does not accept this.
He wants to watch with Turkish characters and the
output file is correct and readable for Turkish
according to him.
So, i am thinking to change the source if there is
definite character codes. what i want to do that
change the valid character code to unicode UTF-8 or
add unicode UTF-8.
Is it possible? or not? If it is possible, which file
is interested what i want to do in source code?
Thanks a lot.
Evren Kalayciklioglu
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: watching files/directories with audit the contains turkish characters in file/directory name
2006-06-06 13:29 watching files/directories with audit the contains turkish characters in file/directory name Evren Kalayciklioglu
@ 2006-06-08 13:43 ` Steve Grubb
0 siblings, 0 replies; 2+ messages in thread
From: Steve Grubb @ 2006-06-08 13:43 UTC (permalink / raw)
To: linux-audit
On Tuesday 06 June 2006 09:29, Evren Kalayciklioglu wrote:
> So, i am thinking to change the source if there is
> definite character codes. what i want to do that
> change the valid character code to unicode UTF-8 or
> add unicode UTF-8.
I'd be curious to see the patch when you have one.
> Is it possible?
I think its possible to update the code to do this. My personal setup is
simply ASCII. That's all it has been tested for.
> If it is possible, which file is interested what i want to do in source
> code?
First I'd see if you can insert a watch and list a watch so that it looks
right.
When that is working, then check the audit logs with vi/emacs/less to see what
kind of records you get. You may find the filenames are encoded. If so don't
worry about it.
Next check the output of ausearch. Something like 'ausearch -m PATH' should be
good enough. Correct that code to display the characters. Next try to find a
file, 'ausearch -f some-name'. After that is working, try executable,
'ausearch -x some-name'. Next get command names working, 'ausearch -c
some-name'. If you allow host names in turkish try 'ausearch -h some-name'.
You may also archive audit logs with turkish characters so you will want to
try copying the audit logs to a file with turkish name and run 'ausearch -if
some-name'.
Any changes from the above should be checked to see if they apply to aureport.
Then I'd start working on that program.
As I said, I'd be interested in seeing the patches.
-Steve
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-06-08 13:43 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-06-06 13:29 watching files/directories with audit the contains turkish characters in file/directory name Evren Kalayciklioglu
2006-06-08 13:43 ` Steve Grubb
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox