Description of problem: When aureport is run from a file in /etc/cron.hourly or /etc/cron.daily, it uses standard input for input rather than /var/log/audit/audit.log. It finds no log records on standard input. Version-Release number of selected component (if applicable): audit-1.6.2-4.fc8 How reproducible: every time Steps to Reproduce: 1.Create a file in /etc/cron.daily or /etc/cron.hourly to run aureport 2.Wait for cron to run the file 3. Actual results: No data is seen by aureport Expected results: aureport processes the data in /var/log/audit/audit.log Additional info: The following check is done in aureport.c: if (input_is_pipe()) rc = process_stdin(); else if (user_file) rc = process_file(user_file); else rc = process_logs(&config); When a job is run by cron, standard input is set to a pipe so the pipe is used ranther than the files, even if the -if option is given on the aureport command.
I added --input-logs to audit-1.6.7 development code. It should be released within a few weeks.
audit-1.6.7-1 was built into rawhide and F-8 testing. The new option should solve the problem. Thanks for reporting the bug!
audit-1.6.8-2 should be available for Fedora 8. Closing this bug. Thanks for the report.