From: Dan Gruhn <Dan.Gruhn@GroupW.com>
To: linux-audit@redhat.com
Subject: Re: audit-viewer
Date: Mon, 02 Mar 2009 15:59:58 -0500 [thread overview]
Message-ID: <49AC48CE.8050706@GroupW.com> (raw)
In-Reply-To: <488168736.180571236014573827.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
Greetings,
Miloslav Trmac wrote:
> Hello,
> ----- "Dan Gruhn" <Dan.Gruhn@groupw.com> wrote:
>
>> I am getting this error when audit viewer starts:
>>
>> # audit-viewer
>> Error reading audit events: No such file or directory.
>>
>> Thinking that perhaps something is pointing to the wrong files, I
>> attempted to use Window/Change event source.. . Then I get this:
>>
> <snip>
>
>> File "/usr/local/share/audit-viewer/source_dialog.py", line 161, in
>>
>> __source_log_with_rotated_toggled
>> self.source_log.set_active_iter(it)
>> TypeError: iter should be a GtkTreeIter
>>
> This crash is a bug in audit-viewer, I'll fix it for the next release.
>
I look forward to that.
> I'm not 100% sure, but I think the problem is caused by the fact that audit-viewer searches for audit logs in the --prefix subtree (as specified by configure). You can verify the used path by running (strings /your/prefix/libexec/audit-viewer-server-real |grep /log/audit); If it is not /var/log/audit, you'll need to rebuild audit-viewer, specifying --localstatedir=/var .
>
You are right, the path was /usr/local/var/log/audit. Once I recompiled
with this change everything seems to be working. Does this default of
--prefix subree make sense in any situation? I ask because perhaps a
default of /var would more often produce the correct result.
> I'll document the necessity to use --localstatedir.
>
> Thank you,
> Mirek
>
Thank you for taking the time to lead me through all of this. I think I
am on my way now.
Dan
next prev parent reply other threads:[~2009-03-02 21:00 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1241228806.180461236014459986.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2009-03-02 17:22 ` audit-viewer Miloslav Trmac
2009-03-02 20:59 ` Dan Gruhn [this message]
2009-03-02 21:07 ` audit-viewer Miloslav Trmac
[not found] <1162925222.89101235079087226.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
2009-02-19 21:31 ` audit-viewer Miloslav Trmac
2009-02-20 17:36 ` audit-viewer Dan Gruhn
2009-02-20 20:32 ` audit-viewer Miloslav Trmac
2009-03-02 16:38 ` audit-viewer Dan Gruhn
2009-02-19 21:09 audit-viewer Dan Gruhn
2009-02-19 21:20 ` audit-viewer Steve Grubb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49AC48CE.8050706@GroupW.com \
--to=dan.gruhn@groupw.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox