From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dan Gruhn Subject: Re: audit-viewer Date: Mon, 02 Mar 2009 15:59:58 -0500 Message-ID: <49AC48CE.8050706@GroupW.com> References: <488168736.180571236014573827.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Return-path: Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31]) by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n22L0IJZ029252 for ; Mon, 2 Mar 2009 16:00:18 -0500 Received: from smtp.group-w-inc.com (group-w-inc.com [70.164.45.3]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id n22KxxvW022205 for ; Mon, 2 Mar 2009 15:59:59 -0500 Received: from smtp.group-w-inc.com (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with ESMTP id 017D3DA00AC for ; Mon, 2 Mar 2009 15:59:59 -0500 (EST) Received: from [10.254.1.10] (pool-173-73-76-53.washdc.fios.verizon.net [173.73.76.53]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.group-w-inc.com (Postfix) with ESMTP id 8848DDA009F for ; Mon, 2 Mar 2009 15:59:58 -0500 (EST) In-Reply-To: <488168736.180571236014573827.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: linux-audit@redhat.com List-Id: linux-audit@redhat.com Greetings, Miloslav Trmac wrote: > Hello, > ----- "Dan Gruhn" wrote: > >> I am getting this error when audit viewer starts: >> >> # audit-viewer >> Error reading audit events: No such file or directory. >> >> Thinking that perhaps something is pointing to the wrong files, I >> attempted to use Window/Change event source.. . Then I get this: >> > > >> File "/usr/local/share/audit-viewer/source_dialog.py", line 161, in >> >> __source_log_with_rotated_toggled >> self.source_log.set_active_iter(it) >> TypeError: iter should be a GtkTreeIter >> > This crash is a bug in audit-viewer, I'll fix it for the next release. > I look forward to that. > I'm not 100% sure, but I think the problem is caused by the fact that audit-viewer searches for audit logs in the --prefix subtree (as specified by configure). You can verify the used path by running (strings /your/prefix/libexec/audit-viewer-server-real |grep /log/audit); If it is not /var/log/audit, you'll need to rebuild audit-viewer, specifying --localstatedir=/var . > You are right, the path was /usr/local/var/log/audit. Once I recompiled with this change everything seems to be working. Does this default of --prefix subree make sense in any situation? I ask because perhaps a default of /var would more often produce the correct result. > I'll document the necessity to use --localstatedir. > > Thank you, > Mirek > Thank you for taking the time to lead me through all of this. I think I am on my way now. Dan