Are the symptoms below a bug in readlog.py (used in rlog.sh ) or is it a python configuration problem on our system?
When readlog.py finds a large number in /tmp/seekposition and the audit.log file has been log cycled and is small, then readlog.py does not correctly rewrite the seekposition file:
(print statements added in to readlog.py)
SEEKOLD : 8950488
LOGEND : 896092
SEEKPOS : 0
LFTELL : 896092
[root@iapetus bin]# cat /tmp/seekposition
8960928
[root@iapetus bin]
The sf.write command is writing 6 characters (896092) to the file, but not deleting the old seventh character thereby incorrectly leaving the contents as 8960928
... View more