Depending if you are using logrotate.d/audit and how it numbers the
files as it rotates...
audit.log.1.gz
audit.log.2.gz
...
audit.log.89.gz
audit.log.90.gz
The sort below will but the list in exact order....
zcat `ls /var/log/audit/*.gz | sort -t. --key=3,2n` | ausearch -i
Thank u Steve...
Norman Mark St. Laurent
Conceras | Chief Technology Officer and ISSE
Web: http://www.conceras.com
Connect. Collaborate. Conceras.
LC Bruzenak wrote:
On Mon, 2009-08-17 at 14:01 -0400, Steve Grubb wrote:
It's a problem for me too.
I was thinking about just patching the ausearch code to behave as
desired...but hoping Steve beat me to it so there was a greatly
reduced
chance of bad code...
#cat `ls /var/log/audit/a* | sort -r` | ausearch -i
#cat `ls /var/log/audit/a* | sort -r` | aureport
cat can open more than one file at a time,
-Steve
Told you so!
:)
LCB.
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
