From mboxrd@z Thu Jan  1 00:00:00 1970
From: Kurt S Harris <kharris@redwood.aur.us.ray.com>
Subject: ausearch from cron
Date: Thu, 29 May 2008 09:37:27 -0600
Message-ID: <483ECDB7.2040602@redwood.aur.us.ray.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m4TFcH5N017131
	for <linux-audit@redhat.com>; Thu, 29 May 2008 11:38:17 -0400
Received: from tus-mailout1.raytheon.com (tus-mailout1.raytheon.com
	[199.46.245.198])
	by mx3.redhat.com (8.13.8/8.13.8) with ESMTP id m4TFc3Jc002510
	for <linux-audit@redhat.com>; Thu, 29 May 2008 11:38:04 -0400
Received: from dmoutt00.directory.ray.com (dmoutt00.directory.ray.com
	[147.25.154.125])
	by tus-mailout1.raytheon.com (Switch-3.3.0/Switch-3.3.0) with ESMTP id
	m4TFbj4i007088
	for <linux-audit@redhat.com>; Thu, 29 May 2008 15:37:48 GMT
Received: from dmsmtpt00.directory.ray.com (dmsmtpt00.directory.ray.com
	[147.25.154.118])
	by dmoutt00.directory.ray.com (Switch-3.3.0/Switch-3.3.0) with ESMTP id
	m4TFbZAc015580
	sender kharris@redwood.aur.us.ray.com for <linux-audit@redhat.com>;
	Thu, 29 May 2008 15:37:47 GMT
Received: from redwood.aur.us.ray.com (redwood.aur.us.ray.com [155.157.138.42])
	by dmsmtpt00.directory.ray.com (8.12.11/8.12.11) with ESMTP id
	m4TFbSMq021214
	sender kharris@redwood.aur.us.ray.com for <linux-audit@redhat.com>;
	Thu, 29 May 2008 15:37:28 GMT
Received: from magenta.aur.us.ray.com (magenta.aur.us.ray.com [155.157.214.38])
	by redwood.aur.us.ray.com (8.12.8/8.12.8) with ESMTP id m4TFbRBL018710
	for <linux-audit@redhat.com>; Thu, 29 May 2008 09:37:27 -0600 (MDT)
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

When I run an ausearch from a cron in RedHat 5.1 I don't get any output, 
running the same command from the command line I get results.  Any ideas 
on what I'm missing?

output:
<no matches>
May 29 09:36:01 magenta last message repeated 3 times
May 29 09:36:01 magenta logger: AuditSearch: -ts 09:35:00 -te 09:36:00
May 29 09:36:01 magenta logger:

crontab:
* * * * 1-5 /usr/sbin/logaudit >> /var/log/messages 2>>/var/log/messages

logaudit:
#!/bin/bash
logaudit(){
ctime=$(/bin/date '+%T')
min=$(echo ${ctime}|cut -f2 -d:)
if [ "${min}" = "00" ];then
        Args=$(echo ${ctime} | /bin/awk -F : '{print "-ts "$1 -1 ":59:00 
-te "$1":"$2":00"}')
else
        Args=$(echo ${ctime} | /bin/awk -F : '{print "-ts "$1":" $2 - 1 
":00 -te "$1":"$2":00"}')
fi
echo -e "\nAuditSearch:" $Args
/sbin/ausearch ${Args} -i >> /var/log/messages 2>>/var/log/messages
echo -e "\n\n"

}

logaudit | /usr/bin/logger -p auth.alert