---
 ausearch.c | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)
Index: trunk/src/ausearch.c
===================================================================
--- audit-1.7.7/src/ausearch.c.orig 2008-11-26 22:39:25.736364000 +0100
+++ audit-1.7.7/src/ausearch.c 2008-11-27 00:21:32.801448000 +0100
@@ -34,6 +34,7 @@
 #include
 #include
 #include
+#include
 #include "libaudit.h"
 #include "auditd-config.h"
 #include "ausearch-options.h"
@@ -43,6 +44,8 @@
 static FILE *log_fd = NULL;
 static int found = 0;
+static int input_is_pipe = 0;
+static int timeout_interval = 5; /* timeout in seconds */
 static int process_logs(void);
 static int process_log_fd(void);
 static int process_stdin(void);
@@ -200,9 +203,19 @@
 return 0;
 }
+static void alarm_handler(int signal)
+{
+ /* will interrupt current syscall */
+}
+
 static int process_stdin(void)
 {
 log_fd = stdin;
+ input_is_pipe=1;
+
+ if (signal(SIGALRM, alarm_handler) == SIG_ERR ||
+ siginterrupt(SIGALRM, 1) == -1)
+ return -1;
 return process_log_fd();
 }
@@ -236,6 +249,7 @@
 char *rc;
 char *buff = NULL;
 int first_time = 1;
+ int timer_running = 0;
 while (1) {
 if (saved_buff) {
@@ -248,11 +262,20 @@
 if (!buff)
 return -1;
 }
- // FIXME: In pipe mode, if there is a waiting buffer
- // and 5 seconds has elapsed, go ahead and process
- // the buffer - nothings coming that's related.
+
+ if (input_is_pipe && !first_time) {
+ timer_running = 1;
+ alarm(timeout_interval);
+ }
+
 rc = fgets_unlocked(buff, MAX_AUDIT_MESSAGE_LENGTH,
 log_fd);
+
+ if (timer_running) {
+ /* timer may have fired but thats ok */
+ timer_running = 0;
+ alarm(0);
+ }
 }
 if (rc) {
 lnode n;
@@ -282,7 +305,9 @@
 }
 }
 } else {
 free(buff);
- if (feof(log_fd))
+ if (ferror(log_fd) && errno == EINTR)
+ return 0;
+ else if (feof(log_fd))
 return 1;
 else
 return -1;
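Review bot: In the `@@ -200,9 +203,19 @@` hunk, process_stdin() arms the timeout with `signal()` followed by `siginterrupt()`; `signal()` semantics differ between platforms (some reset the handler after the first delivery) and POSIX marks `siginterrupt()` obsolescent, so a single `sigaction()` call with `sa_flags` left at 0 is the more dependable way to get a read that fails with EINTR. The handler's parameter is named `signal`, which shadows the library function inside the handler and is never used; `sig` with a `(void)sig;` reads better. The -1 return also says nothing about what failed, so a message on stderr before returning would help whoever runs ausearch on a pipe.

```c
static void alarm_handler(int sig)
{
	(void)sig;	/* nothing to do: delivery alone interrupts the read */
}

static int process_stdin(void)
{
	struct sigaction sa = { .sa_handler = alarm_handler };

	log_fd = stdin;
	input_is_pipe = 1;

	/* sa_flags stays 0 (no SA_RESTART) so the blocked read fails with EINTR */
	sigemptyset(&sa.sa_mask);
	if (sigaction(SIGALRM, &sa, NULL) == -1)
		return -1;

	return process_log_fd();
}
```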
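Review bot: In the `@@ -248,11 +262,20 @@` hunk, the alarm can expire while `fgets_unlocked()` is partway through a line, and the NULL result is then handled by the `else` branch shown in the last hunk, which frees `buff`. Any bytes already consumed for that line appear to be dropped at that point, so a record that arrives slowly on the pipe could be lost or split without any warning. For an audit search tool that silent gap is worth closing, or at least documenting with a comment above the `alarm()` call such as `/* a timeout that lands mid-line discards the partial line */`. The enclosing function starts and ends outside the hunk, so how the caller resumes after the timeout cannot be checked from here.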
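Review bot: In the `@@ -282,7 +305,9 @@` hunk, the new `ferror(log_fd) && errno == EINTR` test runs after `free(buff)` and never clears the stream's error indicator. The indicator stays set until `clearerr()` is called, and `errno` is only meaningful right after the failing call, so a later NULL from the read at real end-of-file can still match this test and be reported as a timeout instead of EOF (what the caller does with the 0 return is outside the hunk). I would evaluate the condition before freeing and reset the stream: `int timed_out = ferror(log_fd) && errno == EINTR;` ahead of `free(buff);`, then `if (timed_out) { clearerr(log_fd); return 0; }`. Whether `<errno.h>` is already included cannot be seen in this patch, since the header names on the `#include` lines are missing.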