Is it possible that the output for these tools is not directed to STDOUT completely? In which case you might have better luck redirecting output with something like 2>&1?
Just a thought... -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Steve Grubb Sent: Friday, July 13, 2012 9:23 AM To: [email protected] Subject: Re: Output of aureport in columns On Thursday, July 12, 2012 04:26:25 PM Michael Mather wrote: > Hi, > > I have managed to find an easy way to put the output of aureport into > neat columns. For example: > > aureport -i -f | sed 's/=====/==== /g' | column -t > > However, if I combine this with ausearch, as in: > > ausearch -k ROOT |aureport -i -f | sed ..... Is this really the ausearch portion or did you omit some parameters for brevity? > then some lines come out properly and some have extra data that shifts > everything off. For example, here are two successive lines from the > output. The first has 9 fields and the second 15: > > 311. 12-07-12 16:21:03 /proc/self/loginuid open yes /usr/bin/sudo mm 597 > 312. 12-07-12 16:21:03 (null) inode=970 dev=08:01 mode=0100755 ouid=0 > ogid=0 rdev=00:00 execve yes /sbin/aureport root 599 > > What is happening? Does it behave better if you add --raw to the ausearch portion? -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit CONFIDENTIALITY NOTE: This message and any attachments are confidential, may contain information that is privileged and is intended only for the use of the addressee. If you are not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. This message is not meant to constitute an electronic signature or evidence intent to contract electronically. -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
