---
docs/ausearch.8 | 3 +++
src/ausearch-options.c | 10 +++++++++-
src/ausearch-options.h | 1 +
src/ausearch.c | 5 ++---
4 files changed, 15 insertions(+), 4 deletions(-)
Index: trunk/docs/ausearch.8
===================================================================
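--- a/docs/ausearch.8
+++ b/docs/ausearch.8
@@ -57,6 +57,9 @@ Stop after emitting the first event that
 .BR \-k ,\ \-\-key \ \fIkey-string\fP
 Search for an event based on the given \fIkey string\fP.
 .TP
+.BR \-l ,\ \-\-line-buffered
+Flush output on every line. Most useful when stdout is connected to a pipe and the default block buffering strategy is undesirable. May impose a performance penalty.
+.TP
 .BR \-m ,\ \-\-message \ \fImessage-type\fP\ |\ \fIcomma-sep-message-type-list\fP
 Search for an event matching the given \fImessage type\fP. You may also enter a \fIcomma separated list of message types\fP. There is an \fBALL\fP message type that doesn't exist in the actual logs. It allows you to get all messages in the system. The list of valid messages types is long. The program will display the list whenever no message type is passed with this parameter. The message type can be either text or numeric. If you enter a list, there can be only commas and no spaces separating the list.
 .TP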
Index: trunk/src/ausearch-options.c
===================================================================
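--- a/src/ausearch-options.c
+++ b/src/ausearch-options.c
@@ -51,5 +51,6 @@ int event_ua = 0, event_ga = 0, event_se
 int just_one = 0;
 int event_session_id = -1;
+int line_buffered = 0;
 const char *event_key = NULL;
 const char *event_node = NULL;
 const char *event_filename = NULL;
@@ -72,7 +73,7 @@ enum { S_EVENT, S_COMM, S_FILENAME, S_AL
 S_HOSTNAME, S_INTERP, S_INFILE, S_MESSAGE_TYPE, S_PID, S_SYSCALL, S_OSUCCESS,
 S_TIME_END, S_TIME_START, S_TERMINAL, S_ALL_UID, S_EFF_UID, S_UID, S_LOGINID,
 S_VERSION, S_EXACT_MATCH, S_EXECUTABLE, S_CONTEXT, S_SUBJECT, S_OBJECT,
-S_PPID, S_KEY, S_RAW, S_NODE, S_IN_LOGS, S_JUST_ONE, S_SESSION };
+S_PPID, S_KEY, S_RAW, S_NODE, S_IN_LOGS, S_JUST_ONE, S_SESSION, S_LINEBUFFERED };
 
 static struct nv_pair optiontab[] = {
 { S_EVENT, "-a" },
@@ -101,6 +103,8 @@ static struct nv_pair optiontab[] = {
 { S_JUST_ONE, "--just-one" },
 { S_KEY, "-k" },
 { S_KEY, "--key" },
+ { S_LINEBUFFERED, "-l" },
+ { S_LINEBUFFERED, "--line-buffered" },
 { S_MESSAGE_TYPE, "-m" },
 { S_MESSAGE_TYPE, "--message" },
 { S_NODE, "-n" },
@@ -173,6 +177,7 @@ static void usage(void)
 "\t--input-logs\t\t\tUse the logs even if stdin is a pipe\n"
 "\t--just-one\t\t\tEmit just one event\n"
 "\t-k,--key <key string>\t\tsearch based on key field\n"
+ "\t-l, --line-buffered\t\tFlush output on every line\n"
 "\t-m,--message <Message type>\tsearch based on message type\n"
 "\t-n,--node <Node name>\t\tsearch based on machine's name\n"
 "\t-o,--object <SE Linux Object context> search based on context of object\n"
@@ -1003,6 +1008,9 @@ int check_params(int count, char *vars[]
 c++;
 }
 break;
+ case S_LINEBUFFERED:
+ line_buffered = 1;
+ break;
 default:
 fprintf(stderr, "%s is an unsupported option\n",
 vars[c]);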
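Review bot: The usage line added in the `usage()` hunk is written `-l, --line-buffered` with a space after the comma, while the neighbouring entries use `-k,--key` and `-m,--message`; for consistent help output it should read `"\t-l,--line-buffered\t\tFlush output on every line\n"`. In the `check_params` hunk the new `case S_LINEBUFFERED:` only sets the flag; the rest of the switch is outside the hunk, so if the other argument-less options there reject a stray value, this case should follow the same pattern. The new global `line_buffered` would also benefit from a one-line comment such as `/* non-zero: flush stdout while emitting results (-l) */`, since it is shared across translation units.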
Index: trunk/src/ausearch-options.h
===================================================================
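--- a/src/ausearch-options.h
+++ b/src/ausearch-options.h
@@ -36,6 +36,7 @@ extern const char *event_subject;
 extern const char *event_object;
 extern int event_se;
 extern int just_one;
+extern int line_buffered;
 extern pid_t event_ppid;
 extern int event_session_id;
 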
Index: trunk/src/ausearch.c
===================================================================
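--- a/src/ausearch.c
+++ b/src/ausearch.c
@@ -43,7 +43,6 @@
 
 static FILE *log_fd = NULL;
 static int found = 0;
-static int pipe_mode = 0;
 static int process_logs(void);
 static int process_log_fd(void);
 static int process_stdin(void);
@@ -58,11 +57,12 @@
 extern int match(llist *l);
 extern void output_record(llist *l);
 
-static int input_is_pipe(void)
+static int is_pipe(int fd)
 {
 struct stat st;
+ int pipe_mode = 0;
 
- if (fstat(0, &st) == 0) {
+ if (fstat(fd, &st) == 0) {
 if (S_ISFIFO(st.st_mode))
 pipe_mode = 1;
 }
@@ -92,7 +92,7 @@
 rc = process_file(user_file);
 else if (force_logs)
 rc = process_logs();
- else if (input_is_pipe())
+ else if (is_pipe(0))
 rc = process_stdin();
 else
 rc = process_logs();
@@ -190,6 +190,8 @@
 list_clear(&entries);
 break;
 }
+ if (line_buffered)
+ fflush(stdout);
 }
 list_clear(&entries);
 } while (ret == 0);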
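Review bot: The `fflush(stdout)` added in the last hunk discards its return value, so a write failure on the pipe this option is meant for (reader gone, or a full disk behind a redirect) goes unnoticed and the loop keeps consuming records whose output is lost. Checking it, `if (line_buffered && fflush(stdout) == EOF)`, and leaving the loop through the function's existing error path would make the failure visible to whatever consumes the audit stream; the enclosing function starts and ends outside the hunk, so the exact error return cannot be named from here. The flush also appears to run once per matched event rather than per line as the man page text says; if per-line behaviour is intended, a single `setvbuf(stdout, NULL, _IOLBF, 0)` before any output would match the documentation. In the `is_pipe` hunk the return statement is outside the visible lines, so it is worth confirming that it returns the now-local `pipe_mode`.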