auditreduce(1M) and Large Files
Crist Clark
Crist.Clark at globalstar.com
Tue Oct 17 13:47:57 EDT 2006
The auditreduce(1M) command can't handle large files?
# ls -l 20061013071422.20061017171002.butler
-rw------- 1 root root 2329248048 Oct 17 10:10 20061013071422.20061017171002.butler
# truss auditreduce -a 20061017 20061013071422.20061017171002.butler > /dev/null
[snip]
stat("20061013071422.20061017171002.butler", 0xFFBFF760) Err#79 EOVERFLOW
getrlimit(RLIMIT_NOFILE, 0xFFBFFA48) = 0
ioctl(1, TCGETA, 0xFFBFF6C4) Err#6 ENXIO
fstat64(1, 0xFFBFF738) = 0
fstat64(1, 0xFFBFF5E0) = 0
getpid() = 18309 [18308]
write(1, "11\0\0\0\0\0\0\0\0\001\0".., 24) = 24
close(1) = 0
fdsync(1, O_RDONLY|O_SYNC) Err#9 EBADF
_exit(0)
The output (when not directed to /dev/null) is empty.
I could work around that if I could figure out how to send
the audit data to auditreduce(1M) through a pipe, but
auditreduce(1M) doesn't seem to have a documented way to
read audit data from stdin. Is there a sooper-seekrit way
to do that?
Anyone have suggestions on how I can break down my big audit
file given that auditreduce(1M) is the tool designed to do
that task?
--
Crist J. Clark crist.clark at globalstar.com
Globalstar Communications (408) 933-4387