Too Big An Audit Log To Handle
Have you ever encountered a Solaris audit log that has not been rotated for months? It is simply far too big for some downstream programs to handle. Click here for a sample of the output from praudit -l. Here is a sample script to 'chop' the log into individual files, one per day. With this simple script, you can handle the audit log with ease.
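IFS_orig=$IFS
cd /var/audit || exit 1
# Turn off filename expansion so a '*' or '?' inside a record is not globbed
set -f
praudit -l 2009052803069.20091009095022.myhost | while read line
do
    # Split the record on commas; field 7 holds the timestamp
    IFS=","
    set -- $line
    d=$7
    # Split the timestamp on whitespace; the first word is the date
    IFS=$IFS_orig
    set -- $d
    ymd=$1
    # Append the record, unchanged, to that day's file
    echo "$line" >> "$ymd.txt"
done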
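The same per-day split done in a single awk pass, as an added example that is not part of the original post: it avoids the per-line shell loop and looks for the first field that begins with YYYY-MM-DD instead of assuming field 7. The function names, the output-directory argument, the undated.txt fallback and the sample records are assumptions made for illustration.

```shell
# Added example. Reads one-line audit records on stdin and appends each
# to <outdir>/<YYYY-MM-DD>.txt.
# Assumption: every record has a field that starts with YYYY-MM-DD.
split_audit_by_day() {
    outdir=$1
    mkdir -p "$outdir" || return 1
    awk -F',' -v outdir="$outdir" '
    {
        day = ""
        # Find the first field shaped like a date rather than trusting
        # a fixed column, so records with fewer header fields still sort.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]( |$)/) {
                day = substr($i, 1, 10)
                break
            }
        }
        # The file name is built only from the matched digits and dashes,
        # so record content can never steer the output path.
        if (day == "") day = "undated"
        file = outdir "/" day ".txt"
        # Keep a single output file open at a time.
        if (file != last) {
            if (last != "") close(last)
            last = file
        }
        print $0 >> file
    }'
}

# Constructed, simplified sample records (not real audit data).
sample_records() {
    cat <<'EOF'
header,81,2,login - local,,myhost,2009-05-28 03:06:09.000 +08:00,subject,root,return,success,0
header,90,2,open(2) - read,,myhost,2009-05-28 23:59:59.000 +08:00,path,/tmp/*,return,success,0
header,81,2,login - local,,2009-05-29 00:00:01.000 +08:00,subject,root,return,success,0
garbled line without a timestamp
EOF
}

# Usage on a real trail (file name taken from the script above):
#   praudit -l 2009052803069.20091009095022.myhost | split_audit_by_day /var/tmp/by-day
```

Records that carry no recognisable date land in undated.txt rather than being dropped, so the per-day line counts still add up to the size of the original trail.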