cron and aureport

cron and aureport

[Phillip Programmer]

[-- Attachment #1.1: Type: text/plain, Size: 906 bytes --]

Hi,

We are running into a strange issue when we run reports inside of a script
as root everything works fine.  When we point the root crontab at the same
script it no longer returns any results.

For example we have the script something like this  below:


#!/bin/bash
#
# script foo.sh
# report to log.
###########################################
/sbin/aureport   -i -f  -ts today  --failed  > /root/someloghere
# end script


When we run foo.sh as root from a command prompt it works fine.

When we run it from a crontab it doesn't return any results.


We has also tried adding the path to the file .
/sbin/aureport   -i -f  -ts today  --failed  > /root/someloghere  -if
/var/log/audit/audit.log  > /root/someloghere


We are running RHEL5.1 x64 if that matters.

I also downloaded and built the aureport and ausearch   still it had to
effect.

Is there something we are doing wrong?


Thanks

Phillip

[-- Attachment #1.2: Type: text/html, Size: 1165 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

Re: cron and aureport

[Steve Grubb]

On Thursday 20 November 2008 13:10:23 Phillip Programmer wrote:
> We are running into a strange issue when we run reports inside of a script
> as root everything works fine.  When we point the root crontab at the same
> script it no longer returns any results.

You need to use the --input-logs option. If ausearch sees stdin as a pipe, it 
assumes that is where it gets its data from. The input logs option tells it 
to ignore the fact that stdin is a pipe and process the logs. Aureport has 
the same problem and option to fix it.


> We are running RHEL5.1 x64 if that matters.

This was fixed in the 1.6.7 general release and backported to the 1.6.5 RHEL5 
release.

-Steve