From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Mathis, Jim" <jim.mathis@lmco.com>
Subject: Aureport and Cron
Date: Thu, 08 May 2008 16:00:35 -0400
Message-ID: <673954B3D6E9A14199B78659C4AD37EE0422D101@emss04m05.us.lmco.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1505875098=="
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m48K4TUX006867
	for <linux-audit@redhat.com>; Thu, 8 May 2008 16:04:29 -0400
Received: from mailgw2a.lmco.com (mailgw2a.lmco.com [192.91.147.7])
	by mx3.redhat.com (8.13.8/8.13.8) with ESMTP id m48K4G8g006462
	for <linux-audit@redhat.com>; Thu, 8 May 2008 16:04:16 -0400
Received: from emss03g01.ems.lmco.com (relay3.ems.lmco.com [141.240.4.144])by
	mailgw2a.lmco.com (LM-6) with ESMTP id m48K4EBQ018093for
	<linux-audit@redhat.com>; Thu, 8 May 2008 16:04:14 -0400 (EDT)
Received: from CONVERSION2-DAEMON.lmco.com by lmco.com (PMDF V6.3-x14 #31428)
	id <0K0K00801FLGBL@lmco.com> for linux-audit@redhat.com;
	Thu, 08 May 2008 16:00:52 -0400 (EDT)
Received: from EMSS04I00.us.lmco.com ([166.17.13.135]) by lmco.com (PMDF
	V6.3-x14 #31428)
	with ESMTP id <0K0K0029CFL7U7@lmco.com> for linux-audit@redhat.com;
	Thu, 08 May 2008 16:00:47 -0400 (EDT)
Content-class: urn:content-classes:message
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

This is a multi-part message in MIME format.

--===============1505875098==
Content-type: multipart/alternative;
	boundary="Boundary_(ID_JOJlruS1gyKn3E3uKKsz1g)"
Content-class: urn:content-classes:message

This is a multi-part message in MIME format.

--Boundary_(ID_JOJlruS1gyKn3E3uKKsz1g)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT

Hello,
 
OS: RH ES 5.1
Kernel: 2.6.X
 
When I run aureport from the command line it works properly. When I run
the same command via a cron job aureport runs without error but the info
within report is not correct. The problem when running via cron is that
the range time in logs is incorrect. As follows: 
 
Range of time in logs: 12/31/69 19:00:00.000 - 12/31/69 19:00:00.000  
Selected time for report: 05/06/08 00:00:01 - 05/06/08 12:42:01  
 
Now notice the range time in logs when the same aureport command is ran
from the command line. As follows: 
 
Range of time in logs: 05/02/2008 06:40:01.347 - 05/06/2008 11:31:42.642

Selected time for report: 05/02/2008 06:40:01 - 05/06/2008 11:31:42.642

 
So the question is why is aureport using a log time of 12/31/69 via cron
vice 05/XX/08 as per the command line. Thanks. 
 
P.S. aureport -t indictaes proper log times for the audit.logs within
/var/logs/audit
 
-Jim


--Boundary_(ID_JOJlruS1gyKn3E3uKKsz1g)
Content-type: text/html; charset=US-ASCII
Content-transfer-encoding: 7BIT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16640" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2><SPAN 
class=077095219-08052008>Hello,</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=077095219-08052008></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN class=077095219-08052008>OS: RH ES 
5.1</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=077095219-08052008>Kernel: 
2.6.X</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=077095219-08052008></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN class=077095219-08052008><FONT 
face="Times New Roman" size=3>When I run aureport from the command line it works 
properly. When I run the same command via a cron job aureport runs without error 
but the info within report is not correct. The problem when running via cron is 
that the range time in logs is incorrect. As follows: <BR>&nbsp;<BR>Range of 
time in logs: 12/31/69 19:00:00.000 - 12/31/69 19:00:00.000 &nbsp;<BR>Selected 
time for report: 05/06/08 00:00:01 - 05/06/08 12:42:01 &nbsp;<BR>&nbsp;<BR>Now 
notice the range time in logs when the same aureport command is ran from the 
command line. As follows: <BR>&nbsp;<BR>Range of time in logs: 05/02/2008 
06:40:01.347 - 05/06/2008 11:31:42.642 &nbsp;<BR>Selected time for report: 
05/02/2008 06:40:01 - 05/06/2008 11:31:42.642 &nbsp;<BR>&nbsp;<BR>So the 
question is why is aureport using a log time of 12/31/69 via cron vice 05/XX/08 
as per the command line. Thanks. </FONT></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=077095219-08052008><FONT 
face="Times New Roman" size=3></FONT></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN class=077095219-08052008><FONT 
face="Times New Roman" size=3>P.S. aureport -t indictaes proper log times for 
the audit.logs within /var/logs/audit</FONT></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=077095219-08052008><FONT 
face="Times New Roman" size=3></FONT></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN class=077095219-08052008><FONT 
face="Times New Roman" size=3>-Jim</FONT></DIV>
<DIV><BR></DIV></SPAN></FONT></BODY></HTML>

--Boundary_(ID_JOJlruS1gyKn3E3uKKsz1g)--


--===============1505875098==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============1505875098==--

From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: Re: Aureport and Cron
Date: Thu, 8 May 2008 16:13:54 -0400
Message-ID: <200805081613.54228.sgrubb@redhat.com>
References: <673954B3D6E9A14199B78659C4AD37EE0422D101@emss04m05.us.lmco.com>
Mime-Version: 1.0
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <673954B3D6E9A14199B78659C4AD37EE0422D101@emss04m05.us.lmco.com>
Content-Disposition: inline
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Thursday 08 May 2008 16:00:35 Mathis, Jim wrote:
> So the question is why is aureport using a log time of 12/31/69 via cron
> vice 05/XX/08 as per the command line. Thanks.

Just so I can make sure I recreate the problem, what is your command line 
options for aureport?

-Steve