cancel
Showing results for 
Search instead for 
Did you mean: 

Audit_tool in crontab

Alejandro Schmidt
Occasional Advisor

Audit_tool in crontab

Hello

I have the script below set in crontab, but for some reason the audit_tool is not working. If I run it manually it works fine, it gives me the reports for the two UID I set in the for loop.
Any Idea why it is not working when I set it as a cron job?

Cron Job:
35 11 * * * /raid/audit/logs/get_PID_logs.sh > /raid/audit/pid.log

Script:
#!/usr/bin/ksh
/usr/sbin/auditd -d
for i in `cat << END
5264
1128
END`
do
/usr/sbin/audit_tool -a $i -R /raid/audit/logs/auditlog.*
done

Thank you
4 REPLIES
Dennis Handly
Acclaimed Contributor

Re: Audit_tool in crontab

There is nothing obviously wrong, you have an absolute path for audit_tool.

You could add "-x" to your #! line to trace where it goes wrong. The stderr output would be mailed to you. Or add 2>&1 at the end of your crontab line.

Any reason you are using cat and a here document instead of just listing all of the IDs?
for i in \
5264 \
1128 \
do
Alejandro Schmidt
Occasional Advisor

Re: Audit_tool in crontab

Hello

I added the -x in the script and the 2>&1 in the crontab.

Crontab Job:
* * * * * /raid/audit/logs/get_PID_logs.sh > /raid/audit/pid.log 2>&1

The script I just modified so the audit_tool is the only thing runing:

#!/usr/bin/ksh -x
/usr/sbin/auditd -d

/usr/sbin/audit_tool -R /raid/audit/logs/auditlog.*

This is the output I am getting in the pid.log I set in crontab.

root> more pid.log
+ /usr/sbin/auditd -d
+ /usr/sbin/audit_tool -R /raid/audit/logs/auditlog.fppdsa.001
(1000 records processed...)

(2000 records processed...)

(3000 records processed...)

(4000 records processed...)

(5000 records processed...)

(10000 records processed...)

(11000 records processed...)

(13000 records processed...)

(14000 records processed...)

root>

Apparently the job is getting killed. It doesn't finish to process all the records.

Any Idea??

Thank you!!
Dennis Handly
Acclaimed Contributor

Re: Audit_tool in crontab

>This is the output I am getting in the pid.log I set in crontab.

I don't see that "-a PID" any more??

Also, audit_tool seems to be a Tru64 command, not HP-UX. I'll ask the moderators to move it there.
Suraj K Sankari
Honored Contributor

Re: Audit_tool in crontab

Hi,
why you are doing
for i in `cat << END
5264
1128
END`

you can do like this

for i in 5264 1128
do
/usr/sbin/audit_tool -a $i -R /raid/audit/logs/auditlog.*
done

Suraj