auditing for RHEL ES4

Bill Tangren bjt at usno.navy.mil
Wed Dec 26 21:15:16 UTC 2007


> On Friday 16 November 2007 10:54:40 Bill Tangren wrote:
>> The reports always cover the entire range of available logs (sometimes
>> gigabytes of data). The reports can take a LONG time to compile, and it
>> doesn't give me the daily snapshot I need.
>
> Use the -ts and -te commandline options to limit the report range. It requires
> the date format to be correct for your locale - iow date "+%x %T". The older
> version does not support words like today or yesterday.
>
>

I now have time to work on this. I did this for an example:

[root at www ~]# aureport -ts `date "+%x 16:00:00"`

Summary Report
======================
Range of time: 12/12/2007 00:33:26.629 - 12/26/2007 16:08:11.825
Number of changes in configuration: 0
Number of changes to accounts or groups: 0
Number of logins: 0
Number of failed logins: 0
Number of users: 2
Number of terminals: 1
Number of host names: 1
Number of executables: 8
Number of files: 11
Number of AVC denials: 0
Number of failed syscalls: 10
Number of watched file events: 36
Number of anomaly events: 0
Number of responses to anomaly events: 0
Number of process IDs: 14
Number of events: 65

[root at www ~]# aureport -ts `date "+%x 00:00:00"`

Summary Report
======================
Range of time: 12/12/2007 00:33:26.629 - 12/26/2007 16:08:26.817
Number of changes in configuration: 0
Number of changes to accounts or groups: 0
Number of logins: 1
Number of failed logins: 0
Number of users: 2
Number of terminals: 3
Number of host names: 2
Number of executables: 54
Number of files: 225
Number of AVC denials: 0
Number of failed syscalls: 834
Number of watched file events: 1550
Number of anomaly events: 0
Number of responses to anomaly events: 0
Number of process IDs: 651
Number of events: 3388

[root at www ~]#

Notice that the range times are the same for both examples, but the other
results are different. Is there a problem with the range times?

-- 

Bill Tangren
U.S. Naval Observatory
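
The -ts/-te usage described in the quoted reply, as an added example that is not part of the original thread: it builds a one-day window in the locale's `%x` format and passes date and time to aureport as separate arguments. The helper names `audit_day_window` and `daily_aureport` are hypothetical, and GNU `date -d` is assumed for resolving "yesterday", since the older aureport does not accept that word itself.

```shell
#!/bin/sh
# Added example: one-calendar-day window for aureport -ts/-te.
# audit_day_window and daily_aureport are hypothetical helper names.

# Print "<date> 00:00:00 <date> 23:59:59" for the requested day.
# $1 is any day GNU date -d accepts (default: yesterday).
# The date is rendered with %x so it matches the current locale,
# which is the format the reply says aureport requires.
audit_day_window() {
    day=${1:-yesterday}
    d=$(date -d "$day" "+%x") || return 1
    # The date must be a single word, because the date and the time
    # are handed to aureport as two separate arguments.
    case $d in
        *[[:space:]]*)
            echo "locale date '$d' contains whitespace" >&2
            return 1
            ;;
    esac
    printf '%s 00:00:00 %s 23:59:59\n' "$d" "$d"
}

# Run the summary report for exactly one day.
daily_aureport() {
    window=$(audit_day_window "$1") || return 1
    # Intentional word splitting: start date, start time, end date, end time.
    set -- $window
    aureport -ts "$1" "$2" -te "$3" "$4"
}
```

Calling `daily_aureport` with no argument reports on yesterday; passing a day such as `2007-12-25` reports on that day only.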
