From: Crist Clark (Crist.Clark@globalstar.com)
Date: Tue Oct 17 2006 - 13:47:57 EDT
The auditreduce(1M) command can't handle large files?
# ls -l 20061013071422.20061017171002.butler
-rw------- 1 root root 2329248048 Oct 17 10:10 20061013071422.20061017171002.butler
# truss auditreduce -a 20061017 20061013071422.20061017171002.butler > /dev/null
[snip]
stat("20061013071422.20061017171002.butler", 0xFFBFF760) Err#79 EOVERFLOW
getrlimit(RLIMIT_NOFILE, 0xFFBFFA48) = 0
ioctl(1, TCGETA, 0xFFBFF6C4) Err#6 ENXIO
fstat64(1, 0xFFBFF738) = 0
fstat64(1, 0xFFBFF5E0) = 0
getpid() = 18309 [18308]
write(1, "11\0\0\0\0\0\0\0\0\001\0".., 24) = 24
close(1) = 0
fdsync(1, O_RDONLY|O_SYNC) Err#9 EBADF
_exit(0)
The output (when not directed to /dev/null) is empty.
I could work around that if I could figure out how to send
the audit data to auditreduce(1M) through a pipe, but
auditreduce(1M) doesn't seem to have a documented way to
read audit data from stdin. Is there a sooper-seekrit way
to do that?
Anyone have suggestions on how I can break down my big audit
file given that auditreduce(1M) is the tool designed to do
that task?
--
Crist J. Clark crist.clark@globalstar.com
Globalstar Communications (408) 933-4387
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:41:02 EDT