auditing for RHEL ES4
Steve Grubb
sgrubb at redhat.com
Fri Nov 16 16:24:33 UTC 2007
On Friday 16 November 2007 10:54:40 Bill Tangren wrote:
> The reports always cover the entire range of available logs (sometimes
> gigabytes of data). The reports can take a LONG time to compile, and it
> doesn't give me the daily snapshot I need.
Use the -ts and -te command-line options to limit the report range. It requires
the date format to be correct for your locale - iow date "+%x %T". The
older version does not support words like today or yesterday.
> I'm thinking of installing the latest tarball and compiling, as I understand
> more recent versions of aureport have implemented time limits.
The older one does, too.
> My question now is, is it possible to uninstall the prepackaged audit and
> audit-lib, and install the latest from source, without seriously hosing my
> system?
No, it will not work. RHEL4 (and derivatives) has to use the 1.0.X series of
audit packages.
-Steve
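
The daily snapshot discussed in this thread, as an added example that is not part of the original message or of the audit package: a wrapper that builds a one-day -ts/-te window in the locale's date format, so it does not depend on keywords like yesterday being understood by aureport. The function names are hypothetical, and it assumes GNU date (for the -d option) and that aureport takes the date and the time as separate arguments after -ts and -te.

```shell
#!/bin/sh
# Added example: limit aureport to a single day using locale-formatted dates.
# Assumptions: GNU date (-d), hypothetical function names.

# Print the given day (default: yesterday) in the locale's date format,
# the same format produced by: date "+%x"
locale_day() {
    date -d "${1:-yesterday}" "+%x"
}

# Print the time-range arguments for one full day, for inspection or logging.
aureport_day_args() {
    day=$(locale_day "$1") || return 1
    printf '%s\n' "-ts $day 00:00:00 -te $day 23:59:59"
}

# Run aureport for one day. First argument is the day (anything date -d
# accepts); remaining arguments are passed through to aureport unchanged.
daily_report() {
    spec=${1:-yesterday}
    if [ $# -gt 0 ]; then shift; fi
    day=$(locale_day "$spec") || {
        echo "cannot parse day: $spec" >&2
        return 1
    }
    # Date and time are separate arguments; quote the date in case the
    # locale's %x format contains spaces.
    aureport -ts "$day" 00:00:00 -te "$day" 23:59:59 "$@"
}

# Only run a report when asked to, e.g. from cron:  script.sh --run yesterday
if [ "${1:-}" = "--run" ]; then
    shift
    daily_report "$@"
fi
```

Run it under the same locale settings as the audit tools, since the date string is only valid for the locale that produced it.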